{"resultsPerPage":2000,"startIndex":0,"totalResults":2175,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T12:21:36.191","vulnerabilities":[{"cve":{"id":"CVE-2011-0627","sourceIdentifier":"psirt@adobe.com","published":"2011-05-13T22:55:01.580","lastModified":"2026-06-23T16:16:56.007","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file."},{"lang":"es","value":"Adobe Flash Player en versiones anteriores a v10.3.181.14 en Windows, Mac OS X, Linux y Solaris, y anteriores a v10.3.185.21 en Android, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria ) a través de contenido de Flash elaborado para ese fin, como las que fueron posiblemente explotadas en mayo 2011 por un documento de Microsoft Office con un archivo .swf incrustado."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:07:20.467683Z","id":"CVE-2011-0627","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.159.1","matchCriteriaId":"9B99FD14-C6C8-49A5-A21F-7CEB4713CF4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*","matchCriteriaId":"7143E94B-F3CD-4E32-A7BB-C72C816EEACA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*","matchCriteriaId":"4654752C-F677-4066-8C48-BAD09392A594"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*","matchCriteriaId":"DDFF4A51-C936-4C5B-8276-FD454C9E4F40"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D5ECC9D7-3386-4FEA-9218-91E31FF90F3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:*","matchCriteriaId":"6E81EA32-9621-4ACE-9191-2E9B8C24D500"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:*","matchCriteriaId":"3B0E10D6-6348-471B-918A-60AAE2AC5F86"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:*","matchCriteriaId":"F7FBE855-7EE3-46F2-9FA1-0366AC8C5D24"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*","matchCriteriaId":"F0E93289-6EE0-401A-958D-F59D2CDAE2F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:*","matchCriteriaId":"A67FC00F-0C85-4DD7-81EA-65533EABC767"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.60.0:*:*:*:*:*:*:*","matchCriteriaId":"14E67AD7-0791-4D5D-A3B2-E173088B5228"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.61.0:*:*:*:*:*:*:*","matchCriteriaId":"EAF07696-9C85-470E-B608-1B0193CAFB6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*","matchCriteriaId":"0FA3E556-BF8F-4D30-8DE5-09DA3FD8D5C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.66.0:*:*:*:*:*:*:*","matchCriteriaId":"C0DC1B9D-686D-46A3-B9F4-DD4E078DF74D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.67.0:*:*:*:*:*:*:*","matchCriteriaId":"4BC3ABBA-8B36-448D-883B-C675C202028A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.68.0:*:*:*:*:*:*:*","matchCriteriaId":"EF2A52D9-0A1C-4E53-AFA2-148FF03D23A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*","matchCriteriaId":"A82D5B56-44E0-4120-B73E-0A1155AF4B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*","matchCriteriaId":"8E895107-ED8A-4F88-87C3-935EAE299C01"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.0.73.0:*:*:*:*:*:*:*","matchCriteriaId":"1752F67C-75A9-4226-AB30-A94EB6C85526"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*","matchCriteriaId":"4007D621-A0BC-4927-82A7-10D73802BCF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"641776AE-5408-439E-8290-DD9324771874"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*","matchCriteriaId":"138A932A-D775-46A2-86EC-3C03C96884C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*","matchCriteriaId":"D12E3957-D7B2-4F3B-BB64-8B50B8958DEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*","matchCriteriaId":"C0C5537E-3153-400D-9F9B-91E7F1218C8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*","matchCriteriaId":"32912721-F750-4C20-B999-E728F7D3A85D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*","matchCriteriaId":"6693B1C4-B2A9-4725-AD0E-A266B9DF55AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*","matchCriteriaId":"A95FA639-346C-491C-81A8-6C2A7B01AA19"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*","matchCriteriaId":"C9F1E5AB-DEFA-42FC-A299-C8EEB778F9C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*","matchCriteriaId":"FC7DD938-F963-4E03-B66B-F00436E4EA9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*","matchCriteriaId":"351825F4-227D-4743-A74B-EAFC1034500B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*","matchCriteriaId":"B2A0777F-22C2-4FD5-BE81-8982BE6874D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*","matchCriteriaId":"F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*","matchCriteriaId":"600DDA9D-6440-48D1-8539-7127398A8678"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*","matchCriteriaId":"B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*","matchCriteriaId":"934A869D-D58D-4C36-B86E-013F62790585"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*","matchCriteriaId":"ACFA6611-99DA-48B0-89F7-DD99B8E30334"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*","matchCriteriaId":"59AF804B-BD7A-4AD7-AD44-B5D980443B8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*","matchCriteriaId":"F5D52F86-2E38-4C66-9939-7603367B8D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*","matchCriteriaId":"0557AA2A-FA3A-460A-8F03-DC74B149CA3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*","matchCriteriaId":"2FC04ABF-6191-4AA5-90B2-E7A97E6C6005"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*","matchCriteriaId":"F22F1B02-CCF5-4770-A79B-1F58CA4321CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*","matchCriteriaId":"93957171-F1F4-43ED-A8B9-2D36C81EB1F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*","matchCriteriaId":"7AE89894-E492-4380-8A2B-4CDD3A15667A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*","matchCriteriaId":"1C6ED706-BAF2-4795-B597-6F7EE8CA8911"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*","matchCriteriaId":"260E2CF6-4D15-4168-A933-3EC52D8F93FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*","matchCriteriaId":"D50BF190-2629-49A8-A377-4723C93FFB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*","matchCriteriaId":"9E59E2AD-38BB-46DF-AC0D-D36F1F259AD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*","matchCriteriaId":"DD04F04C-30CE-4A8D-B254-B10DEF62CEEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*","matchCriteriaId":"96DC7742-499D-4BF5-9C5B-FCFF912A9892"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*","matchCriteriaId":"BDD0A103-6D00-4D3D-9570-2DF74B6FE294"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*","matchCriteriaId":"33AC4365-576C-487A-89C5-197A26D416C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*","matchCriteriaId":"84B367AC-E1E1-4BC5-8BF4-D5B517C0CA7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*","matchCriteriaId":"A0A9C054-1F82-41DD-BE13-2B71B6F87F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*","matchCriteriaId":"7CB0781E-D5B5-4576-ABD4-0EE1C0C3DF12"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.277.0:*:*:*:*:*:*:*","matchCriteriaId":"7AE15288-9344-41ED-B574-6DC4A4DDE386"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.0.283.0:*:*:*:*:*:*:*","matchCriteriaId":"84963C1D-06C1-4FBF-A3B8-EB14D2EB43DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*","matchCriteriaId":"FE848097-01E6-4C9B-9593-282D55CC77D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*","matchCriteriaId":"08E4028B-72E7-4E4A-AD0F-645F5AACAA29"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*","matchCriteriaId":"63313ADA-3C52-47C8-9745-6BF6AEF0F6AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*","matchCriteriaId":"BA646396-7C10-45A0-89A9-C75C5D8AFB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*","matchCriteriaId":"476BB487-150A-4482-8C84-E6A2995A97E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*","matchCriteriaId":"3555324F-40F8-4BF4-BE5F-52A1E22B3AFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*","matchCriteriaId":"60540FDE-8C31-4679-A85E-614B1EFE1FF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*","matchCriteriaId":"AE652520-B693-47F1-A342-621C149A7430"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*","matchCriteriaId":"D0EC3272-8E1E-4415-A254-BB6C7FB49BEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*","matchCriteriaId":"0CF5AF16-A4F2-4E65-ADA8-DE11BE1F198D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*","matchCriteriaId":"F7DF88E7-1A67-447C-BCF8-5C5564002207"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*","matchCriteriaId":"460A0D6C-3A06-4910-B1E5-375E12F64F6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*","matchCriteriaId":"950D8316-8117-4C09-A2A9-B34191957D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*","matchCriteriaId":"A5484DE8-3CB1-4591-BF30-0D5E255034E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*","matchCriteriaId":"02EBACEB-1266-4A2C-A47E-066D12EE5B96"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*","matchCriteriaId":"CA86C5B3-1FC9-4585-9566-862A0318AF2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*","matchCriteriaId":"CCC09395-A9C7-4D7F-9B55-3120A84CB427"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*","matchCriteriaId":"3C2A6BBE-6033-4EF2-B890-9BD8867CC65A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*","matchCriteriaId":"F3ACD1B2-F952-46C8-989A-C4744E16D5E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.2.152:*:*:*:*:*:*:*","matchCriteriaId":"E91594E8-5320-4B6A-A4D8-17BBF211A96E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.2.152.32:*:*:*:*:*:*:*","matchCriteriaId":"110ED819-CFFD-4DA6-BE13-08CDEFD17ADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*","matchCriteriaId":"C3FD4968-B784-40D5-A09C-51F303A4C8C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*","matchCriteriaId":"D8314735-FF59-48CF-898B-95967B2856DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*","matchCriteriaId":"3F52F734-0C14-4FE6-82C7-038C28383A12"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","matchCriteriaId":"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.157.51","matchCriteriaId":"618C6D69-361C-44CC-92EE-088015A8346F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*","matchCriteriaId":"02EBACEB-1266-4A2C-A47E-066D12EE5B96"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*","matchCriteriaId":"CA86C5B3-1FC9-4585-9566-862A0318AF2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*","matchCriteriaId":"3C2A6BBE-6033-4EF2-B890-9BD8867CC65A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.105.6:*:*:*:*:*:*:*","matchCriteriaId":"33B7290A-8A7E-496D-95C4-DADA2821859B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.1.106.16:*:*:*:*:*:*:*","matchCriteriaId":"05D97485-2C56-4B63-B105-BDB44E853210"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*","matchCriteriaId":"8E007346-F45A-456F-BD0A-F3110A5854FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","matchCriteriaId":"8255F035-04C8-4158-B301-82101711939C"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html","source":"psirt@adobe.com"},{"url":"http://www.adobe.com/support/security/bulletins/apsb11-12.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13914","source":"psirt@adobe.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16053","source":"psirt@adobe.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.adobe.com/support/security/bulletins/apsb11-12.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13914","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16053","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-5719","sourceIdentifier":"cve@mitre.org","published":"2016-09-03T20:59:00.153","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors."},{"lang":"es","value":"app/Controller/TemplatesController.php en Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.92 no restringe adecuadamente nombres de archivo bajo el directorio tmp/files/, lo que tiene un impacto y vectores de ataque no especificados."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.91","matchCriteriaId":"6B9416F4-5542-4512-AB7F-125100CAA28D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92740","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://www.circl.lu/advisory/CVE-2015-5719/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92740","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://www.circl.lu/advisory/CVE-2015-5719/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-5720","sourceIdentifier":"cve@mitre.org","published":"2016-09-03T20:59:01.483","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en la funcionalidad de creación de plantilla en Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.90 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican (1) add.ctp, (2) edit.ctp y (3) ajaxification.js."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.89","matchCriteriaId":"F2A656C7-581B-49C5-A894-7947A5ED50BD"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92738","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://www.circl.lu/advisory/CVE-2015-5720/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92738","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://www.circl.lu/advisory/CVE-2015-5720/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-5721","sourceIdentifier":"cve@mitre.org","published":"2016-09-03T20:59:02.733","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp."},{"lang":"es","value":"Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.90 permite a atacantes remotos llevar a cabo ataques de inyección de objeto PHP a través de datos serializados manipulados, relacionado con TemplatesController.php y populate_event_from_template_attributes.ctp."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.89","matchCriteriaId":"F2A656C7-581B-49C5-A894-7947A5ED50BD"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92739","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://www.circl.lu/advisory/CVE-2015-5721/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92739","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://www.circl.lu/advisory/CVE-2015-5721/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-13671","sourceIdentifier":"cve@mitre.org","published":"2017-08-24T19:29:00.250","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation."},{"lang":"es","value":"app/View/Helper/CommandHelper.php en MISP en versiones anteriores a la 2.4.79 tiene XSS persistente mediante comentarios. Sólo afecta a los usuarios de la misma instancia, debido a que el campo comment no forma parte de la sincronización MISP."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.78","matchCriteriaId":"165B31DC-2DCE-4BC3-8450-3F0F835715C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/100533","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/100533","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-12350","sourceIdentifier":"psirt@cisco.com","published":"2017-11-16T07:29:01.057","lastModified":"2026-06-22T15:00:00.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220."},{"lang":"es","value":"Una vulnerabilidad en Cisco Umbrella Insights Virtual Appliances 2.1.0 y anteriores podría permitir que un atacante local autenticado inicie sesión en una máquina virtual afectada con privilegios root. La vulnerabilidad se debe a la presencia de credenciales estáticas de usuario por defecto para una máquina virtual afectada. Un atacante podría explotar esta vulnerabilidad empleando la consola del hipervisor para conectarse de forma local a un sistema afectado y, a continuación, empleando las credenciales estáticas para iniciar sesión en una máquina virtual afectada. Un exploit con éxito podría permitir que el atacante consiga iniciar sesión en el aparato afectado con privilegios root. Cisco Bug IDs: CSCvg31220."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"n/a","product":"Cisco Umbrella Insights Virtual Appliance","versions":[{"version":"Cisco Umbrella Insights Virtual Appliance","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.0","matchCriteriaId":"25917294-E071-4B02-8B2D-955378BBF245"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/101879","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.html","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/101879","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.info-sec.ca/advisories/Cisco-Umbrella-Hardcoded-Credentials.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-16946","sourceIdentifier":"cve@mitre.org","published":"2017-11-25T18:29:00.220","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log."},{"lang":"es","value":"La función admin_edit en app/Controller/UsersController.php en MISP 2.4.82 gestiona de manera incorrecta el campo enable_password, lo que permite que administradores descubran una contraseña hasheada mediante la lectura del registro de auditoría."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.82:*:*:*:*:*:*:*","matchCriteriaId":"0E69BD26-5502-463A-B63F-C48E0A90506B"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/7d5890b2fc63285f010d5845913894dd71cf232c","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/7d5890b2fc63285f010d5845913894dd71cf232c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2017-6679","sourceIdentifier":"psirt@cisco.com","published":"2017-12-01T17:29:00.667","lastModified":"2026-06-22T13:52:20.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established."},{"lang":"es","value":"Cisco Umbrella Virtual Appliance en sus versiones 2.0.3 y anteriores contenían un túnel de soporte remoto cifrado sin documentar (SSH) que se iniciaba automáticamente desde la máquina del cliente a los hubs SSH de Cisco en los CPD de Umbrella. Estos túneles se utilizaban en principio para proporcionar soporte remoto y permitían al personal autorizado/autenticado del equipo de Cisco Umbrella para que accediesen a la máquina remotamente y obtuvieses el control total sin la aprobación explícita del cliente. Para resolver esta vulnerabilidad, la versión 2.1.0 de Umbrella Virtual Appliance ahora necesita la aprobación explícita del cliente antes de que se pueda establecer un túnel SSH desde la máquina virtual al servidor destino de Cisco."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"n/a","product":"Cisco Umbrella Virtual Appliance Version 2.0.3 and prior","versions":[{"version":"Cisco Umbrella Virtual Appliance Version 2.0.3 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C","baseScore":6.0,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":1.5,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.0","matchCriteriaId":"400E97D8-5172-424E-BFC1-15EB9DB92372"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/101567","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://support.umbrella.com/hc/en-us/articles/115004154423","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"https://www.info-sec.ca/advisories/Cisco-Umbrella.html","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/101567","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.umbrella.com/hc/en-us/articles/115004154423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.info-sec.ca/advisories/Cisco-Umbrella.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-8046","sourceIdentifier":"security_alert@emc.com","published":"2018-01-04T06:29:00.307","lastModified":"2026-06-26T18:44:14.703","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code."},{"lang":"es","value":"Las peticiones PATCH maliciosas enviadas a servidores que utilizan versiones Spring Data REST anteriores a la 2.6.9 (Ingalls SR9), versiones anteriores a la 3.0.1 (Kay SR1) y versiones Spring Boot anteriores a la 1.5.9, 2.0 M6 pueden utilizar datos JSON especialmente diseñados para ejecutar código Java arbitrario."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Pivotal","product":"Pivotal Spring Data REST and Spring Boot","versions":[{"version":"Pivotal Spring Data REST versions prior to 2.6.9 (Ingalls SR9), 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.9","matchCriteriaId":"2D178DD5-5C7C-4954-AE5C-7805EEE0869B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"141F2C99-AD34-4003-81D4-689F3F1A53ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"D7929E66-FCA2-4D1B-B29F-55BF70AF70C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"E6B93CDA-E5D9-4955-910A-22B38779F23C"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"F324F68E-CF50-4F2E-90E4-3620CE05A944"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"C120785F-A827-4870-B33B-679367A9EB20"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CB3CC672-C90E-40FD-890F-93C4F5338513"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*","matchCriteriaId":"360B3EDD-18D5-44D7-A998-89F55DD9F5E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*","matchCriteriaId":"95140537-ECA9-4A68-BD05-AEE47C36DD94"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*","matchCriteriaId":"47F7A32E-5F18-4651-842D-968FE380AA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*","matchCriteriaId":"BCCDFF26-CF5B-44A6-8EDE-0A5353C669DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.9","matchCriteriaId":"6B3342AA-A589-465D-A8B0-8875EF656A99"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"CD27BB87-38F1-4294-B34C-7552A367D36D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"9ED5009A-D7B9-45E8-B439-BC09DB47718D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*","matchCriteriaId":"34316476-8B3D-4E70-8B02-E85A62B37002"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/100948","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2405","source":"security_alert@emc.com"},{"url":"https://pivotal.io/security/cve-2017-8046","source":"security_alert@emc.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/44289/","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/100948","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2405","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pivotal.io/security/cve-2017-8046","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/44289/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2018-6926","sourceIdentifier":"cve@mitre.org","published":"2018-02-12T17:29:00.323","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator."},{"lang":"es","value":"En app/Controller/ServersController.php en MISP 2.4.87, una opción del servidor permitía el reemplazo de una variable de ruta en ciertos sistemas Red Hed Enterprise Linux y CentOS (donde rh_shell_fix estaba habilitado) y, en consecuencia, permitía que los administradores del sitio inyectasen comandos arbitrarios del sistema operativo. El impacto es limitado debido a que la opción solo está disponible para el administrador del sitio."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.87:*:*:*:*:*:*:*","matchCriteriaId":"0302A48C-8FDB-41B2-98C1-0326B08A492C"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/0a2aa9d52492d960b9a161160acedbe9caaa4126","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/0a2aa9d52492d960b9a161160acedbe9caaa4126","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-1273","sourceIdentifier":"security_alert@emc.com","published":"2018-04-11T13:29:00.290","lastModified":"2026-06-26T18:44:14.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack."},{"lang":"es","value":"Spring Data Commons, en versiones anteriores a las comprendidas entre la 1.13 y la 1.13.10 y entre la 2.0 y la 2.0.5 y versiones antiguas no soportadas, contiene una vulnerabilidad Property Binder debido a una neutralización incorrecta de los elementos especiales. Un usuario (o atacante) remoto no autenticado puede pasar parámetros de petición especialmente manipulados contra los recursos HTTP respaldados con datos REST de Spring o utilizar el hat de vinculación de la carga útil de la petición basada en la proyección para permitir un ataque de ejecución remota de código."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Spring by Pivotal","product":"Spring Framework","versions":[{"version":"Versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-07T12:41:40.372134Z","id":"CVE-2018-1273","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2022-03-25","cisaActionDue":"2022-04-15","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"VMware Tanzu Spring Data Commons Property Binder Vulnerability","weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.10","matchCriteriaId":"796986C2-3AE7-480F-B8DE-242DCDB9FD29"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13.0","versionEndIncluding":"1.13.10","matchCriteriaId":"66999642-5CBA-4037-9572-63897ED925B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.5","matchCriteriaId":"A0BAA03C-73C8-48CD-B566-16E1A3F77661"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.0.5","matchCriteriaId":"982582FD-1BC2-4431-8AAE-2771A5904FCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5.10","matchCriteriaId":"B10CE829-5CC9-4607-9A3B-F54596D8736B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.0","versionEndIncluding":"2.6.10","matchCriteriaId":"3357249E-1A8F-43F9-A9AE-3BD8E114C70F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.1","versionEndIncluding":"2.5.0","matchCriteriaId":"F234D76F-9EEA-4BF9-A8C6-56624D0BCF96"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ignite:1.0.0:-:*:*:*:*:*:*","matchCriteriaId":"F78DC740-7A30-4F38-9289-9E0C8EF14D0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ignite:1.0.0:rc3:*:*:*:*:*:*","matchCriteriaId":"BE7DCCD6-7D9E-47EA-8B6E-3B83B5B06E68"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*","matchCriteriaId":"55F091C7-0869-4FD6-AC73-DA697D990304"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*","matchCriteriaId":"4D134C60-F9E2-46C2-8466-DB90AD98439E"}]}]}],"references":[{"url":"http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pivotal.io/security/cve-2018-1273","source":"security_alert@emc.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pivotal.io/security/cve-2018-1273","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1273","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2018-1274","sourceIdentifier":"security_alert@emc.com","published":"2018-04-18T16:29:00.417","lastModified":"2026-06-26T18:44:14.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption)."},{"lang":"es","value":"Spring Data Commons, en versiones anteriores a las comprendidas entre la 1.13 y la 1.13.10 y entre la 2.0 y la 2.0.5 y versiones antiguas no soportadas, contiene una vulnerabilidad property path parser provocada por la asignación de recursos ilimitada. Un usuario (o atacante) remoto no autenticado puede enviar peticiones contra los endpoints REST de Spring Data o a los endpoints empleando el análisis de ruta de propiedades, lo que puede provocar una denegación de servicio (consumo de CPU y de recursos)."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Spring by Pivotal","product":"Spring Framework","versions":[{"version":"Versions 1.13 to 1.13.10, 2.0 to 2.0.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionEndExcluding":"1.13.11","matchCriteriaId":"0767C58F-292C-498F-8019-78FA7BE144DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.6","matchCriteriaId":"BAC2030B-2AF7-4DA3-AB49-3C589D140862"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"3.0.5","matchCriteriaId":"EA2BCF43-9888-4C3E-BBBB-3EC519CECC9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6","versionEndIncluding":"2.6.10","matchCriteriaId":"D6EFF8ED-35FF-4B6E-904D-CF496F09B05E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/103769","source":"security_alert@emc.com","tags":["Broken Link"]},{"url":"https://pivotal.io/security/cve-2018-1274","source":"security_alert@emc.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/103769","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://pivotal.io/security/cve-2018-1274","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-1259","sourceIdentifier":"security_alert@emc.com","published":"2018-05-11T20:29:00.307","lastModified":"2026-06-26T18:44:14.703","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system."},{"lang":"es","value":"Spring Data Commons, en versiones 1.13 anteriores a la 1.13.12 y versiones 2.0 anteriores a la 2.0.7, empleado junto con XMLBeam, en versiones 1.4.14 o anteriores, contiene una vulnerabilidad de enlazador de propiedades provocada por la restricción incorrecta de referencias de entidades externas XML, ya que la biblioteca subyacente XMLBeam no restringe la expansión de referencias externas. Un usuario remoto malicioso no autenticado puede proporcionar parámetros de petición especialmente manipulados al enlace de la carga útil de petición basada en proyección de Spring Data para acceder a archivos arbitrarios en el sistema."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Pivotal","product":"Spring Data Commons","versions":[{"version":"1.13 prior to 1.13.12; 2.0 prior to 2.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13","versionEndIncluding":"1.13.11","matchCriteriaId":"2DC92E09-A26B-405E-ABFE-CA8652D958AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:spring_data_commons:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0","versionEndIncluding":"2.0.6","matchCriteriaId":"D2A4E608-6E56-47B3-84AB-C6C36F789E5C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"3.0.6","matchCriteriaId":"AAF1612F-D7FE-480E-8C28-2D97413787F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartExcluding":"2.6","versionEndIncluding":"2.6.11","matchCriteriaId":"17EEB690-8E68-410F-9026-88EF634FD4AF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xmlbeam:xmlbeam:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.14","matchCriteriaId":"8A5EE557-849E-4677-B7B4-4A1BDB6EA0F0"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2018:1809","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:3768","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"https://pivotal.io/security/cve-2018-1259","source":"security_alert@emc.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security_alert@emc.com"},{"url":"https://access.redhat.com/errata/RHSA-2018:1809","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:3768","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://pivotal.io/security/cve-2018-1259","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2018-11562","sourceIdentifier":"cve@mitre.org","published":"2018-05-30T20:29:00.313","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter."},{"lang":"es","value":"Se ha descubierto un problema en MISP 2.4.91. Una vulnerabilidad en app/View/Elements/eventattribute.ctp permite Cross-Site Scripting (XSS) reflejado si un usuario hace clic en un enlace malicioso para una vista de eventos y luego hace clic en el filtro rápido de atributos eliminados."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.91:*:*:*:*:*:*:*","matchCriteriaId":"513F7C23-DD8B-4F88-B057-A88C0D63AF75"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/10080096879d1076756f62760d6daf582b6db722","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/10080096879d1076756f62760d6daf582b6db722","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-12649","sourceIdentifier":"cve@mitre.org","published":"2018-06-22T14:29:00.310","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests."},{"lang":"es","value":"Se ha descubierto un problema en app/Controller/UsersController.php, en MISP 2.4.92. Un adversario puede omitir la protección de fuerza bruta mediante el uso de un método HTTP PUT en lugar de un método HTTP POST en la parte de inicio de sesión, ya que esta protección solo cubre peticiones POST."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.92:*:*:*:*:*:*:*","matchCriteriaId":"FCCD4CF3-BD7A-4F87-A73D-7B8D895738F6"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/6ffacc1e239930e0e8464d0ca16e432e26cf36a9","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/6ffacc1e239930e0e8464d0ca16e432e26cf36a9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2018-10622","sourceIdentifier":"security@medtronic.com","published":"2018-08-10T18:29:00.230","lastModified":"2026-06-22T21:16:22.553","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication."},{"lang":"es","value":"Se ha descubierto una vulnerabilidad en todas las versiones de Medtronic MyCareLink Patient Monitor 24950 y 24952. Los productos afectados emplean credenciales por producto que se almacenan en un formato recuperable. Un atacante puede emplear estas credenciales para autenticarse en red y cifrar datos locales en reposo."}],"affected":[{"source":"security@medtronic.com","affectedData":[{"vendor":"Medtronic","product":"24950 MyCareLink Monitor","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"February 25, 2026","versionType":"custom","status":"affected"}]},{"vendor":"Medtronic","product":"24952 MyCareLink Monitor","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"February 25, 2026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@medtronic.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":4.2}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@medtronic.com","type":"Secondary","description":[{"lang":"en","value":"CWE-313"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A4008DB3-E151-41BA-A308-7BE733268845"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"60267DCC-89D0-48E3-B6EB-9AD60DC1F16F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"8AACDB33-1EC3-44E1-8C1C-38C766E85F85"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"BCDA4070-6CDD-42CA-A4A8-DA6B0E98C64D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105042","source":"security@medtronic.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.json","source":"security@medtronic.com"},{"url":"https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html","source":"security@medtronic.com"},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01","source":"security@medtronic.com"},{"url":"http://www.securityfocus.com/bid/105042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2018-19908","sourceIdentifier":"cve@mitre.org","published":"2018-12-06T16:29:00.290","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import."},{"lang":"es","value":"Vulnerabilidad de escalado de privilegios en Microsoft Windows Client en McAfee True Key (TK) 5.1.230.7 permite que usuarios locales ejecuten código arbitrario mediante malware especialmente manipulado."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.90","versionEndExcluding":"2.4.99","matchCriteriaId":"EA485716-5E84-4CBD-8ED6-1568A98EBDE6"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/211ac0737281b65e7da160f0aac52f401a94e1a3","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.99","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46401/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/MISP/MISP/commit/211ac0737281b65e7da160f0aac52f401a94e1a3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.99","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/46401/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2019-9482","sourceIdentifier":"cve@mitre.org","published":"2019-03-01T05:29:00.790","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only)."},{"lang":"es","value":"En la versión 2.4.102 de MISP, un usuario autenticado puede ver sightings para los que no deberían ser eligibles. Su explotación requiere acceso al evento que ha recibido dicho sighting. Este problema solo afecta a las instancias con ajustes de sightings restrictivos (solo evento / sighting solamente reportado)."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.102:*:*:*:*:*:*:*","matchCriteriaId":"68A8AF8A-0FEA-4D14-8175-D69A55C85E22"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/c69969329d197bcdd04832b03310fa73f4eb7155","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/c69969329d197bcdd04832b03310fa73f4eb7155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-10254","sourceIdentifier":"cve@mitre.org","published":"2019-03-28T15:29:00.387","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability."},{"lang":"es","value":"En MISP, en versiones anteriores a la 2.4.105, la plantilla de diseño por defecto \"app/View/Layouts/default.ctp\" tiene una vulnerabilidad de XSS reflejado."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.105","matchCriteriaId":"C3886C72-806F-4DE2-9CC5-BAFC62F49D82"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/586cca384be6710b03e14bcbeb7588c1772604ec","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/f493659...0e4f66e","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/586cca384be6710b03e14bcbeb7588c1772604ec","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/f493659...0e4f66e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-11812","sourceIdentifier":"cve@mitre.org","published":"2019-05-08T13:29:00.253","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link."},{"lang":"es","value":"Un problema XSS persistente se descubrió en el archivo app/View/Helper/CommandHelper.php en MISP anterior a la versión 2.4.107 un JavaScript puede ser insertado en la interfaz discussion y puede ser activado haciendo clic sobre el enlace."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.107","matchCriteriaId":"90A0A3C8-8650-4F30-BDBF-D970AD620A53"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/3a085a6ceea00b3ab674a984dd56c1846ef775ff","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/3a085a6ceea00b3ab674a984dd56c1846ef775ff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-11813","sourceIdentifier":"cve@mitre.org","published":"2019-05-08T13:29:00.440","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links."},{"lang":"es","value":"Fue encontrado un problema en el archivo app/View/Elements/Events/View/value_field.ctp en MISP anterior a la versión 2.4.107. Se presenta un XSS persistente por medio de los atributos tipo Link con enlances javascript://."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.107","matchCriteriaId":"90A0A3C8-8650-4F30-BDBF-D970AD620A53"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/6f6fb678ca07c80cb7d2bdfe5cb0313bb71bd487","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/MISP/MISP/commit/6f6fb678ca07c80cb7d2bdfe5cb0313bb71bd487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2019-11814","sourceIdentifier":"cve@mitre.org","published":"2019-05-08T13:29:00.487","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot."},{"lang":"es","value":"Se descubrió un problema en app/webroot/js/misp.js en el PSIM versiones anteriores a 2.4.107. Hay XSS persistente a través de los nombres de las imágenes en los títulos, como lo demuestra una captura de pantalla."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.107","matchCriteriaId":"90A0A3C8-8650-4F30-BDBF-D970AD620A53"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/62f15433e42fb92e45bd57dd6fc0c0bf53deb6fc","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/62f15433e42fb92e45bd57dd6fc0c0bf53deb6fc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-12794","sourceIdentifier":"cve@mitre.org","published":"2019-06-11T17:29:00.550","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this."},{"lang":"es","value":"Un problema fue descubierto en MISP 2.4.108. Los administradores de la organización podrían restablecer las credenciales de los administradores del sitio (los administradores de la organización tienen la capacidad inherente de restablecer las contraseñas para todos los usuarios de su organización). Sin embargo, esto podría ser objeto de abuso en una situación en la que la organización anfitriona de una instancia crea administradores de la organización. Un administrador de la organización podría establecer una contraseña manualmente para el administrador del sitio o simplemente usar la clave API del administrador del sitio para hacerse pasar por ella. El potencial de abuso solo se produce cuando la organización anfitriona crea administradores de organización con menos privilegios en lugar de los administradores de sitio habituales. Además, solo los administradores de la organización de la misma organización que el administrador del sitio podrían abusar de esto."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.108:*:*:*:*:*:*:*","matchCriteriaId":"B15D8F28-1CAB-46BA-9965-701700504F10"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/36b43f1306873cff87b7aa30cdc1a30b38c9c16a","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/36b43f1306873cff87b7aa30cdc1a30b38c9c16a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-12868","sourceIdentifier":"cve@mitre.org","published":"2019-06-18T00:15:09.317","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization."},{"lang":"es","value":"El archivo app/Model/Server.php en MISP versión 2.4.109 permite la ejecución de comandos remota por parte de un super administrador porque la función file_exists de PHP se utiliza con entradas controladas por el usuario, y las URL phar:// activan la deserialización."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.109:*:*:*:*:*:*:*","matchCriteriaId":"F0BF104C-2FC6-4654-973F-6DFC3DEF7F64"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/c42c5fe92783dd306b7600db1f6a25324445b40c","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-command-injection-via-phar-deserialization/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/c42c5fe92783dd306b7600db1f6a25324445b40c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-command-injection-via-phar-deserialization/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2019-14286","sourceIdentifier":"cve@mitre.org","published":"2019-07-27T18:15:12.120","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability."},{"lang":"es","value":"En el archivo app/webroot/js/event-graph.js en MISP versión 2.4.111, se presenta  una vulnerabilidad de tipo XSS almacenado en la visualización de gráficos de eventos cuando un usuario alterna la visualización de gráficos de eventos. Se necesita diseñar un evento MISP malicioso para desencadenar la vulnerabilidad."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.111:*:*:*:*:*:*:*","matchCriteriaId":"CC8960F9-ECE5-4529-91E7-2D13C0BFE19E"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/26bedd8a68c32a2f14460a8eac2a9fb09923392b","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/26bedd8a68c32a2f14460a8eac2a9fb09923392b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-16202","sourceIdentifier":"cve@mitre.org","published":"2019-09-10T14:15:10.663","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a \"This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)\" message."},{"lang":"es","value":"MISP versiones anteriores a 2.4.115, permite una escalada de privilegios en ciertas situaciones. Después de actualizar a la versión 2.4.115, los intentos de escalada son bloqueados por la función __checkLoggedActions con un mensaje \"This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (versiones anteriores a la 2.4.115)\"."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.115","matchCriteriaId":"DF635E44-E31F-4466-94B5-2A33BD0B61B1"}]}]}],"references":[{"url":"https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.114...v2.4.115","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.114...v2.4.115","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-19379","sourceIdentifier":"cve@mitre.org","published":"2019-11-28T17:15:12.867","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data."},{"lang":"es","value":"En el archivo app/Controller/TagsController.php en MISP versión 2.4.118, los usuarios pueden omitir las restricciones previstas en los datos de etiquetado."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.118:*:*:*:*:*:*:*","matchCriteriaId":"C8820A43-EACC-4CCE-9B21-989B6DE55139"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/e05dc512a437284f14624da23cca4a829a76aebf","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/e05dc512a437284f14624da23cca4a829a76aebf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-19576","sourceIdentifier":"cve@mitre.org","published":"2019-12-04T18:15:16.353","lastModified":"2026-06-26T14:53:03.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."},{"lang":"es","value":"El archivo class.upload.php en verot.net class.upload versiones anteriores a la versión  1.0.3 y versiones 2.x anteriores a la versión  2.0.4, como es usado en la extensión K2 para Joomla! y otros productos, omite .phar del conjunto de extensiones de archivos peligrosos."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.3","matchCriteriaId":"A8F26FB9-CDF6-483C-9E4C-501DA3FC14F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.4","matchCriteriaId":"496BFED6-1C37-4826-B1B9-6CA8F7E034FF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomlaworks:k2:*:*:*:*:*:joomla\\!:*:*","versionEndIncluding":"2.10.1","matchCriteriaId":"DDE7FF4A-3CDD-4930-86A6-0D7D0747497A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/jra89/CVE-2019-19576","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://medium.com/%40jra8908/cve-2019-19576-e9da712b779","source":"cve@mitre.org"},{"url":"https://www.verot.net","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.verot.net/php_class_upload.htm","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/jra89/CVE-2019-19576","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://medium.com/%40jra8908/cve-2019-19576-e9da712b779","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.verot.net","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://www.verot.net/php_class_upload.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2019-19634","sourceIdentifier":"cve@mitre.org","published":"2019-12-17T18:15:14.870","lastModified":"2026-06-26T14:53:03.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."},{"lang":"es","value":"El archivo class.upload.php en verot.net class.upload versiones hasta la versión  1.0.3 y versiones 2.x hasta 2.0.4, como es usado en la extensión K2 para Joomla! y otros productos, omite .pht del conjunto de extensiones de archivo peligrosas, un problema similar al CVE-2019-19576."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.3","matchCriteriaId":"A8F26FB9-CDF6-483C-9E4C-501DA3FC14F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.4","matchCriteriaId":"496BFED6-1C37-4826-B1B9-6CA8F7E034FF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomlaworks:k2:*:*:*:*:*:joomla\\!:*:*","versionEndIncluding":"2.10.1","matchCriteriaId":"DDE7FF4A-3CDD-4930-86A6-0D7D0747497A"}]}]}],"references":[{"url":"https://github.com/jra89/CVE-2019-19634","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e","source":"cve@mitre.org"},{"url":"https://github.com/jra89/CVE-2019-19634","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2020-8890","sourceIdentifier":"cve@mitre.org","published":"2020-02-12T00:15:09.513","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests."},{"lang":"es","value":"Se detectó un problema en MISP versiones anteriores a 2.4.121. Manejó inapropiadamente la distorsión del tiempo (entre la máquina que aloja el servidor web y la máquina que aloja la base de datos) cuando intenta bloquear una serie de peticiones inválidas de fuerza bruta."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.121","matchCriteriaId":"9EBF7B39-1C9D-4329-8A69-457E97134E51"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-8891","sourceIdentifier":"cve@mitre.org","published":"2020-02-12T00:15:09.607","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests."},{"lang":"es","value":"Se detectó un problema en MISP versiones anteriores a 2.4.121. No canonicalizó los nombres de usuario cuando intenta bloquear una serie de peticiones inválidas de fuerza bruta."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.121","matchCriteriaId":"9EBF7B39-1C9D-4329-8A69-457E97134E51"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-8892","sourceIdentifier":"cve@mitre.org","published":"2020-02-12T00:15:09.703","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests."},{"lang":"es","value":"Se detectó un problema en MISP versiones anteriores a 2.4.121. No consideró el método HTTP PUT al intentar bloquear una serie de peticiones inválidas de fuerza bruta."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.121","matchCriteriaId":"9EBF7B39-1C9D-4329-8A69-457E97134E51"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-8893","sourceIdentifier":"cve@mitre.org","published":"2020-02-12T00:15:09.810","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp."},{"lang":"es","value":"Se detectó un problema en MISP versiones anteriores a 2.4.121. La vista Galaxy contenía una cadena de búsqueda saneada incorrectamente en el archivo app/View/Galaxies/view.ctp."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.121","matchCriteriaId":"9EBF7B39-1C9D-4329-8A69-457E97134E51"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/3d982d92fd26584115c01f8c560a688d1096b65c","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-bruteforce-protection-not-working-in-very-specific-environments/","source":"cve@mitre.org"},{"url":"https://zigrin.com/advisories/misp-reflected-xss-in-galaxy-view/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/3d982d92fd26584115c01f8c560a688d1096b65c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-bruteforce-protection-not-working-in-very-specific-environments/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://zigrin.com/advisories/misp-reflected-xss-in-galaxy-view/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2020-8894","sourceIdentifier":"cve@mitre.org","published":"2020-02-12T00:15:09.890","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php."},{"lang":"es","value":"Se detectó un problema en MISP versiones anteriores a 2.4.121. Las ACL para subprocesos (hilos) de discusión se manejaron inapropiadamente en los archivos app/Controller/ThreadsController.php y app/Model/Thread.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.121","matchCriteriaId":"9EBF7B39-1C9D-4329-8A69-457E97134E51"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/9400b8bc8699435d84508e598aca98a31affd77c","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-mishandling-of-discussion-threads-acls/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/9400b8bc8699435d84508e598aca98a31affd77c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-mishandling-of-discussion-threads-acls/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2020-10246","sourceIdentifier":"cve@mitre.org","published":"2020-03-09T19:15:15.240","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp."},{"lang":"es","value":"MISP versión 2.4.122, presenta una vulnerabilidad de tipo XSS reflejado por medio de parámetros URL no saneados. Esto está relacionado con el archivo app/View/Users/statistics_orgs.ctp."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.122:*:*:*:*:*:*:*","matchCriteriaId":"28BD7829-0C59-4808-BCF4-5B30C88A6C10"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.123","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/43a0757fb33769d9ad4ca09e8f2ac572f9f6a491","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.123","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-10247","sourceIdentifier":"cve@mitre.org","published":"2020-03-09T19:15:15.300","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp."},{"lang":"es","value":"MISP versión 2.4.122,  presenta una vulnerabilidad de tipo XSS Persistente en la herramienta popover de observación. Esto está relacionado con el archivo app/View/Elements/Events/View/sighting_field.ctp."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.122:*:*:*:*:*:*:*","matchCriteriaId":"28BD7829-0C59-4808-BCF4-5B30C88A6C10"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.123","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.123","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-11458","sourceIdentifier":"cve@mitre.org","published":"2020-04-02T12:15:15.870","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php."},{"lang":"es","value":"El archivo app/Model/feed.php en MISP versiones anteriores a  2.4.124,  permite a administradores elegir archivos arbitrarios que deberían ser consumidos por MISP. Esto no causa una filtración de todo el contenido de un archivo, pero sí una filtración de cadenas que coinciden con determinados patrones. Entre los datos que pueden filtrarse se encuentran las contraseñas desde el archivo database.php o las frases de clave GPG desde el archivo config.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.124","matchCriteriaId":"EECDD02E-0010-4073-94A1-C26A487E9573"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://matthias.sdfeu.org/misp-poc.py","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://matthias.sdfeu.org/misp-poc.py","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-13153","sourceIdentifier":"cve@mitre.org","published":"2020-05-18T22:15:12.843","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view."},{"lang":"es","value":"El archivo app/View/Events/resolved_attributes.ctp en MISP versiones anteriores a 2.4.126, presenta una vulnerabilidad de tipo XSS en la vista de atributos resueltos."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.126","matchCriteriaId":"90266D61-1D22-49DD-82EB-4466A436BAAE"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/2989aa05225aa9b3a592ca50cbf8350ef256909c","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.125...v2.4.126","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/2989aa05225aa9b3a592ca50cbf8350ef256909c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.125...v2.4.126","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-14969","sourceIdentifier":"cve@mitre.org","published":"2020-06-22T12:15:10.290","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute."},{"lang":"es","value":"el archivo app/Model/Attribute.php en MISP versión 2.4.127, carece de una búsqueda de la ACL en las correlaciones de atributos. Esto ocurre cuando se consulta la API restsearch de atributo, revelando metadatos sobre un atributo correlativo pero inalcanzable"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.127:*:*:*:*:*:*:*","matchCriteriaId":"AADC8125-0B63-4F5F-9EF3-51C31EC27ACB"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/609bfbd450c933d21c50c9f0161d633c43413eb6","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/609bfbd450c933d21c50c9f0161d633c43413eb6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-15411","sourceIdentifier":"cve@mitre.org","published":"2020-06-30T14:15:11.813","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader."},{"lang":"es","value":"Se detectó un problema en MISP versión 2.4.128. El archivo app/Controller/AttributesController.php no presenta suficientes comprobaciones de la ACL en el descargador de archivos adjuntos"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.128:*:*:*:*:*:*:*","matchCriteriaId":"FBE5FC3D-A71C-4B22-A4E0-1F69BF847F86"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/d14ce7de709cdde3ecc9433e38e14c682894e88a","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/d14ce7de709cdde3ecc9433e38e14c682894e88a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-15412","sourceIdentifier":"cve@mitre.org","published":"2020-06-30T14:15:11.877","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form."},{"lang":"es","value":"Se detectó un problema en MISP versión 2.4.128. El archivo app/Controller/EventsController.php carece de una comprobación de la ACL del evento antes de proceder a permitir a un usuario enviar un formulario de contacto de evento"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.128:*:*:*:*:*:*:*","matchCriteriaId":"FBE5FC3D-A71C-4B22-A4E0-1F69BF847F86"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-15711","sourceIdentifier":"cve@mitre.org","published":"2020-07-14T13:15:11.577","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.129, setting a favourite homepage was not CSRF protected."},{"lang":"es","value":"En MISP versiones anteriores a 2.4.129, se establece una página de inicio favorita que no fue protegida de CSRF"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.129","matchCriteriaId":"886275AC-5419-4ED9-98BF-D95D498FD026"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/bf4610c947c7dc372c4078f363d2dff6ae0703a8","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.128...v2.4.129","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/bf4610c947c7dc372c4078f363d2dff6ae0703a8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.128...v2.4.129","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-25766","sourceIdentifier":"cve@mitre.org","published":"2020-09-18T18:15:17.347","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page."},{"lang":"es","value":"Se detectó un problema en MISP versiones anteriores a 2.4.132.&#xa0;Puede llevar a cabo una acción no deseada debido a una operación POST en un formulario que no está vinculado a la página de inicio de sesión"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.132","matchCriteriaId":"983D23C5-E69F-4FEF-AFCF-52DDA550F1D3"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/164963100a830234744a6004d5eda55d24e97b2a","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.131...v2.4.132","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/164963100a830234744a6004d5eda55d24e97b2a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.131...v2.4.132","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-28043","sourceIdentifier":"cve@mitre.org","published":"2020-11-02T21:15:31.400","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL."},{"lang":"es","value":"MISP versiones hasta 2.4.133, permite un ataque de tipo SSRF en el cliente REST por medio del parámetro use_full_path con una URL arbitraria"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.133","matchCriteriaId":"61E21EB9-3D17-432C-B376-9FCCC87067D5"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/6e81c8ee8ad19576c055b5c4773f914b918f32be","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/6e81c8ee8ad19576c055b5c4773f914b918f32be","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-28947","sourceIdentifier":"cve@mitre.org","published":"2020-11-19T18:15:15.163","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled."},{"lang":"es","value":"En MISP versión 2.4.134, una vulnerabilidad de tipo XSS se presenta en la vista de índice del elemento de plantilla porque el parámetro id es maneja inapropiadamente"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.134:*:*:*:*:*:*:*","matchCriteriaId":"C351B4B5-5FD2-497E-82B2-64E3A568D6D6"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/626ca544ffb5604ea01bb291f69811668b6b5631","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/626ca544ffb5604ea01bb291f69811668b6b5631","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-29006","sourceIdentifier":"cve@mitre.org","published":"2020-11-24T15:15:12.873","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php."},{"lang":"es","value":"MISP versiones anteriores a 2.4.135, carece de una comprobación de la ACL, relacionada con los archivos app/Controller/GalaxyElementsController.php y app/ Model/GalaxyElement.php"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.135","matchCriteriaId":"DEBCF8BB-79F2-45C1-ABF9-F8CCF8A5B889"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/423750573d07f1a463f115ef37182c1825080da4","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.134...v2.4.135","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/423750573d07f1a463f115ef37182c1825080da4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.134...v2.4.135","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-29572","sourceIdentifier":"cve@mitre.org","published":"2020-12-06T00:15:11.333","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field."},{"lang":"es","value":"El archivo app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp en MISP versión 2.4.135 presenta una vulnerabilidad de tipo XSS por medio del campo de comentarios authkey"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.135:*:*:*:*:*:*:*","matchCriteriaId":"2F73503C-19C7-40A5-A136-7E028365CDA6"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/0bfc0bf38a7758b27c5c446fec5e3b905e5a54ab","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/0bfc0bf38a7758b27c5c446fec5e3b905e5a54ab","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-25323","sourceIdentifier":"cve@mitre.org","published":"2021-01-19T16:15:13.327","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password."},{"lang":"es","value":"La configuración predeterminada de MISP versión 2.4.136 no habilitó los requisitos (también se conoce como require_password_confirmation) para proporcionar la contraseña anterior al cambiar una contraseña"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.136:*:*:*:*:*:*:*","matchCriteriaId":"8931588F-3E6E-4C85-B0A8-4513BFE22072"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/afbf95a478b6e94f532ca0776c79da1b08be7eed","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/afbf95a478b6e94f532ca0776c79da1b08be7eed","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-25324","sourceIdentifier":"cve@mitre.org","published":"2021-01-19T16:15:13.390","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp."},{"lang":"es","value":"MISP versión 2.4.136, presenta un XSS Almacenado en la vista del clúster galaxy por medio de un nombre de clúster en el archivo app/View/GalaxyClusters/view.ctp"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.136:*:*:*:*:*:*:*","matchCriteriaId":"8931588F-3E6E-4C85-B0A8-4513BFE22072"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/741243f707cac7de1a3769a38e03004f037f4a3d","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/MISP/MISP/commit/741243f707cac7de1a3769a38e03004f037f4a3d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-25325","sourceIdentifier":"cve@mitre.org","published":"2021-01-19T16:15:13.453","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs."},{"lang":"es","value":"MISP versión 2.4.136, presenta un XSS por medio de valores de elementos del clúster galaxy en el archivo app/View/GalaxyElements/ajax/index.ctp.&#xa0;Los tipos de referencia pueden contener unas URL javascript:"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.136:*:*:*:*:*:*:*","matchCriteriaId":"8931588F-3E6E-4C85-B0A8-4513BFE22072"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/829c3199ba3afdecb52e0719509f3df4463be5b4","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/MISP/MISP/commit/829c3199ba3afdecb52e0719509f3df4463be5b4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-3184","sourceIdentifier":"cve@mitre.org","published":"2021-01-19T16:15:13.560","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button."},{"lang":"es","value":"MISP versión 2.4.136, presenta un XSS por medio de una URL diseñada para el botón favorito de la página de inicio del usuario app/View/Elements/global_menu.ctp"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.136:*:*:*:*:*:*:*","matchCriteriaId":"8931588F-3E6E-4C85-B0A8-4513BFE22072"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/8283e0fbec551f45f3f181cdb2cf29cddc23df66","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/8283e0fbec551f45f3f181cdb2cf29cddc23df66","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2020-24085","sourceIdentifier":"cve@mitre.org","published":"2021-01-26T18:15:42.927","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in \"path\" parameter, an attacker can execute malicious JavaScript code."},{"lang":"es","value":"Se presenta una vulnerabilidad de tipo cross site scripting (XSS) en MISP v2.4.128 en el archivo app/Controller/UserSettingsController.php en la función SetHomePage().&#xa0;Debido a la falta de comprobación del controlador en el parámetro \"path\", un atacante puede ejecutar código JavaScript malicioso"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.128:*:*:*:*:*:*:*","matchCriteriaId":"FBE5FC3D-A71C-4B22-A4E0-1F69BF847F86"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/b3550b48f30ad9fef86c5b5c664487aaf6f52787","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/b3550b48f30ad9fef86c5b5c664487aaf6f52787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-27904","sourceIdentifier":"cve@mitre.org","published":"2021-03-02T07:15:12.760","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the \"all org\" flag sometimes provided view access to unintended actors."},{"lang":"es","value":"Se detectó un problema en el archivo app/Model/SharingGroupServer.php en MISP versión 2.4.139.&#xa0;En la implementación de Sharing Groups, el flag \"all org\" algunas veces proporcionaba acceso de visualización a actores no deseados"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.139","matchCriteriaId":"1061F9BC-43E0-4632-B7F4-AAE34D14D38B"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-31780","sourceIdentifier":"cve@mitre.org","published":"2021-04-23T20:15:08.027","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused."},{"lang":"es","value":"En el archivo app/Model/MispObject.php en MISP versión 2.4.141, una asociación de grupo de intercambio incorrecta podría conllevar a la divulgación de información en una edición de evento.&#xa0;Cuando un objeto presenta un grupo para compartir asociado con una edición de evento, el objeto del grupo para compartir se ignora y, en su lugar, es reutilizado la ID local pasado"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-212"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.141:*:*:*:*:*:*:*","matchCriteriaId":"9C1CC0CD-04B9-464F-8242-9E05C92C2245"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-35502","sourceIdentifier":"cve@mitre.org","published":"2021-06-25T21:15:07.593","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index."},{"lang":"es","value":"El archivo app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp en MISP versión 2.4.144, no sanea determinados datos relacionados con generic-template:index"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.144:*:*:*:*:*:*:*","matchCriteriaId":"EFEB0A19-ED58-4775-8F94-88DE47E5938C"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/2fde6476dc3173affc61874ba2adb35400a8fda5","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/2fde6476dc3173affc61874ba2adb35400a8fda5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-36212","sourceIdentifier":"cve@mitre.org","published":"2021-07-07T13:15:08.950","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view."},{"lang":"es","value":"Un archivo app/View/SharingGroups/view.ctp en MISP versiones anteriores a 2.4.146, permite un ataque de tipo XSS almacenado en la vista de grupos compartidos"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.146","matchCriteriaId":"011F3989-0C2F-4463-985D-1E58C7A1D1BE"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/01521d614cb578de75a406394b4f0426f6036ba7","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.145...v2.4.146","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/01521d614cb578de75a406394b4f0426f6036ba7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.145...v2.4.146","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-37534","sourceIdentifier":"cve@mitre.org","published":"2021-07-26T14:15:07.920","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster."},{"lang":"es","value":"un archivo app/View/GalaxyClusters/add.ctp en MISP versión 2.4.146, permite un ataque de tipo XSS almacenado cuando se bifurca un cluster galaxy"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.146:*:*:*:*:*:*:*","matchCriteriaId":"3C6B9973-98B8-4739-8459-B9AC26B5D808"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/78edbbca64a1edc4390560cc106d0d418064355d","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/78edbbca64a1edc4390560cc106d0d418064355d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-37742","sourceIdentifier":"cve@mitre.org","published":"2021-07-30T15:15:09.257","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships."},{"lang":"es","value":"Un archivo app/View/Elements/GalaxyClusters/view_relation_tree.ctp en MISP versión 2.4.147, permite un ataque de tipo XSS almacenado cuando se visualizan las relaciones de los clusters galaxy"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.147:*:*:*:*:*:*:*","matchCriteriaId":"4680B128-1814-4BEA-8C41-E9AC37850406"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/af50add82433eb2a740c3621b99d9d14d2b1e192","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-when-viewing-galaxy-cluster-relationships/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/af50add82433eb2a740c3621b99d9d14d2b1e192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-when-viewing-galaxy-cluster-relationships/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2021-37743","sourceIdentifier":"cve@mitre.org","published":"2021-07-30T15:15:09.290","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format."},{"lang":"es","value":"Un archivo app/View/GalaxyElements/ajax/index.ctp en MISP versión 2.4.147, permite un ataque de tipo XSS almacenado cuando se visualizan los elementos del cluster galaxy en formato JSON"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.147:*:*:*:*:*:*:*","matchCriteriaId":"4680B128-1814-4BEA-8C41-E9AC37850406"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/f318f7c0ddac7dfd2b1f246fd8f488d9dfc3a4bf","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/f318f7c0ddac7dfd2b1f246fd8f488d9dfc3a4bf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-39302","sourceIdentifier":"cve@mitre.org","published":"2021-08-19T17:15:07.313","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value."},{"lang":"es","value":"MISP versión 2.4.148, en determinadas configuraciones, permite una inyección SQL por medio del valor $conditions[\"org\"] del componente app/Model/Log.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.148:*:*:*:*:*:*:*","matchCriteriaId":"B4754558-21CF-4322-A2F1-060B05F7D58C"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/20d9020b76d1f6790c4d84e020d0cc97c929f66b","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/20d9020b76d1f6790c4d84e020d0cc97c929f66b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-41326","sourceIdentifier":"cve@mitre.org","published":"2021-09-17T18:15:08.427","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call."},{"lang":"es","value":"En MISP versiones anteriores a 2.4.148, el archivo app/Lib/Export/OpendataExport.php maneja inapropiadamente los datos de los parámetros que son usados en una llamada shell_exec"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.148","matchCriteriaId":"02EB2F6A-6E86-49BB-B6E6-6C38AFC229D9"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/e36f73947e741bc97320f0c42199acd1a94c7051","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.147...v2.4.148","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-command-injection-vulnerability-in-opendata-export/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/e36f73947e741bc97320f0c42199acd1a94c7051","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.147...v2.4.148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-command-injection-vulnerability-in-opendata-export/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-27243","sourceIdentifier":"cve@mitre.org","published":"2022-03-18T18:15:16.763","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.156. El archivo app/View/Users/terms.ctp permite una inclusión de archivos locales por medio de la configuración del archivo de términos personalizados"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.156","matchCriteriaId":"E0B3DF87-D89D-43BB-BD3C-401C84C782D8"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/8cc93687dcd68e1774b55a5c4e8125c0c8ddc288","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/8cc93687dcd68e1774b55a5c4e8125c0c8ddc288","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-27244","sourceIdentifier":"cve@mitre.org","published":"2022-03-18T18:15:16.800","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.156. Un administrador de sitio malicioso podría almacenar una carga útil de tipo XSS en el nombre de autenticación personalizado. Esto sería ejecutado cada vez que el administrador modificara un usuario"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.156","matchCriteriaId":"E0B3DF87-D89D-43BB-BD3C-401C84C782D8"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/61d4d3670593b78e4dab7a11eb620b7a372f30e6","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/61d4d3670593b78e4dab7a11eb620b7a372f30e6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-27245","sourceIdentifier":"cve@mitre.org","published":"2022-03-18T18:15:16.837","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.156. El archivo app/Model/Server.php no restringe generateServerSettings a la CLI. Esto podría conllevar a una vulnerabilidad de tipo SSRF"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.156","matchCriteriaId":"E0B3DF87-D89D-43BB-BD3C-401C84C782D8"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/8dcf414340c5ddedfebbc972601646d38e1d0717","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/8dcf414340c5ddedfebbc972601646d38e1d0717","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-27246","sourceIdentifier":"cve@mitre.org","published":"2022-03-18T18:15:16.877","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.156. Un logotipo SVG org (que puede contener JavaScript) no está prohibido por defecto"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.156","matchCriteriaId":"E0B3DF87-D89D-43BB-BD3C-401C84C782D8"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/08a07a38ae81f3b55d81cfcd4501ac1eb1c9c4dc","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/08a07a38ae81f3b55d81cfcd4501ac1eb1c9c4dc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-24291","sourceIdentifier":"hp-security-alert@hp.com","published":"2022-03-23T20:15:10.880","lastModified":"2026-06-25T18:09:30.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution."},{"lang":"es","value":"Algunos dispositivos de impresión de HP pueden ser vulnerables a una posible divulgación de información, denegación de servicio o ejecución de código remota"}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"n/a","product":"HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers","versions":[{"version":"before 002_2208A","status":"affected"},{"version":"before 2205D","status":"affected"},{"version":"before 001.2210B","status":"affected"},{"version":"before 001.2207C","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"4892BBE4-32E4-430A-AA4D-4AE949D6CA8D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"51315CBF-E4D5-4E4D-A9E2-24F849EF86D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F559428B-C853-4F43-8D9F-92F1DDC3EAD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"4B9E898C-0F06-44BF-ACB6-2B3F8F6EFCC1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3819DD11-DA5D-4384-88BE-38253BF4042C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"1EC2E78C-8096-4381-AD02-FE866956CB3B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3983252E-CBE2-46E9-8E78-FAEEA69B0A71"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"23DC258B-B811-4172-824E-FFF5045FAE52"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"8435607D-A04A-40F8-BD4A-A5EAFE8925D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"B3D3F237-8014-4709-837C-F07FB42C8CAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"6618A9E2-81A0-411E-B826-86408C7128C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F354870D-7199-4CE0-8AE6-598DE803336A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"95FBAB9C-C2D7-4A93-8B77-45688F993829"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3764CB2A-DC91-42A6-94CB-6045842176B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"E0425266-6E45-49C2-815C-3CCE6466811B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"488D86B4-0E6F-42D4-87B8-F0450FDB88CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"96BEA2D2-69C0-4836-AA04-31E31CBD43BA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"2A644489-F10B-406A-BCC3-173395FDDFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"2A644489-F10B-406A-BCC3-173395FDDFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D034B980-7232-4953-8C1A-C3AF0161FC78"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"26527A02-1927-4EBC-8ECF-B0C202EC4E41"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"C2AE0E64-F616-4ED8-8987-0D83BA19C3B9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"6526A716-E7D5-48F5-8DCA-528A3203B99F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"77D84290-DA2F-45B8-B9AE-A0AB61B56D43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"AE38C925-0934-4D32-851B-53698B36A6B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"7ED4D190-EAC5-48F8-BA3D-963AA56CB329"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D8CEC6B3-0166-4AC9-9640-A438ABB84497"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"B5F20948-029B-4956-A5AA-F67BCAEBE513"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"C421E437-70E5-4145-BED2-6DAEAF674015"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D43DA18B-119A-4A4F-B879-7212B5AB90FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"BDC76850-1D91-4BE6-B987-F46489A4C773"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D96E731D-DD19-46B5-A206-7B293CEAD77F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"FAF8F278-0BDA-4B34-8732-42B20C650D0A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"991B2C3F-A7EA-4839-915E-61B5972E0992"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"DD03D7A6-F357-45D1-978A-D3DBAF859A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"8F47B66E-5198-4E28-9D76-2A2F45F52F60"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"076E63D8-A3D4-40FC-9EC6-6EF78199D203"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F0CBFA81-AC80-49B6-B32C-FF0BE7543504"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"A32A1A68-87E3-40CF-8C27-1297BB69D5F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_352dw_j6u57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"20AF6A96-EF50-472C-AC73-57923005F915"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_352dw_j6u57a:-:*:*:*:*:*:*:*","matchCriteriaId":"B196E260-88F9-4E95-A88B-87B9F37765E8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_377dw_j9v80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"77F7338C-1F88-442D-90E8-58154AB2B278"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_377dw_j9v80a:-:*:*:*:*:*:*:*","matchCriteriaId":"87EFE8B9-57A8-43CA-B0D7-FC833C45DF44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u55a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"743D62E7-6B37-4609-9AAB-7B4B3B5AD5C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u55a:-:*:*:*:*:*:*:*","matchCriteriaId":"8F01DF42-E865-4257-9367-4693DBDAE928"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u51b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"DDA768D5-91E2-4ADE-9E01-1B0915338533"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u51b:-:*:*:*:*:*:*:*","matchCriteriaId":"59456D7A-A466-4B99-B7C4-609B29C86D5D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u55b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"E47DBC80-8507-4BD6-9A88-9542B284444F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u55b:-:*:*:*:*:*:*:*","matchCriteriaId":"1CCBFF3A-089D-46DA-9A7B-C20AF1C29EEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p57750dw_j9v82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"6B3ED565-8FE7-419E-9555-4321F4AD16E3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p57750dw_j9v82a:-:*:*:*:*:*:*:*","matchCriteriaId":"6D79C449-9336-4C19-BF9F-6BD3580BC47D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_452dn_d3q15a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"AAD139B3-16A9-4BF4-8AFC-EA30852E889C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_452dn_d3q15a:-:*:*:*:*:*:*:*","matchCriteriaId":"C9EA6B91-B74C-41FD-8F02-DBE79F15CE39"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_452dw_d3q16a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"E57B191B-D70C-4DBE-8F5D-37E76780DAC1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_452dw_d3q16a:-:*:*:*:*:*:*:*","matchCriteriaId":"1AA4BB73-0430-4B40-82B0-5FE18AC2A27B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_477dn_d3q19a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"CC2E890B-0609-480F-BA72-0C0E9613DABB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_477dn_d3q19a:-:*:*:*:*:*:*:*","matchCriteriaId":"50A3551F-66A3-4C8E-8117-9DB0144D8A90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_477dw_d3q20a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"1C1F6E7D-40F2-4D83-A6DB-7CF180833714"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_477dw_d3q20a:-:*:*:*:*:*:*:*","matchCriteriaId":"3C34D8DD-75F3-41A7-944E-6C729DC737C6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_552dw_d3q17a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"8CB41825-5521-4F2A-88C8-B658BACD0A4D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_552dw_d3q17a:-:*:*:*:*:*:*:*","matchCriteriaId":"C051C3D2-1F2A-4E92-BF3F-6BCAB518F071"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_577dw_d3q21a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"AB1D345D-A4A0-4671-976D-F8DD9B98693C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_577dw_d3q21a:-:*:*:*:*:*:*:*","matchCriteriaId":"5D58F934-510A-4249-B92A-ED788766AE44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_577z_k9z76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"A570CFDA-42D9-4E42-9367-C0628638C277"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_577z_k9z76a:-:*:*:*:*:*:*:*","matchCriteriaId":"7C43C66E-64AC-444B-A1B1-62EB8A3D6FE1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_d9l63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"0E760C6A-D587-4950-94A6-7672EF2E11A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_d9l63a:-:*:*:*:*:*:*:*","matchCriteriaId":"7CD88FB0-D5D7-47F7-996D-43945E014906"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_d9l64a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"4F014881-CF80-4351-AED5-49EDDF540610"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_d9l64a:-:*:*:*:*:*:*:*","matchCriteriaId":"02DED252-03AC-4F6D-8D39-E0C252C5AB18"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p65a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"5F452AAC-AB51-441F-8ABD-1D7734118E1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p65a:-:*:*:*:*:*:*:*","matchCriteriaId":"BB4A19B7-983C-44B6-BBB5-B12E9309FD73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"C43C77D3-16A8-49E3-A0B1-BB2A45A16D02"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p66a:-:*:*:*:*:*:*:*","matchCriteriaId":"837EACEF-C3ED-4C64-8D28-55AF5023CD3E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p67a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"16B08473-3731-4108-996D-BF929D9CB10E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p67a:-:*:*:*:*:*:*:*","matchCriteriaId":"6B274A91-D1F4-4FEA-8328-287D3F7F8148"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p68a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"2B345F03-9B89-4067-AA16-AC3436CAD00F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p68a:-:*:*:*:*:*:*:*","matchCriteriaId":"972BA850-F159-4E3B-8849-7D1422CF1400"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8216_t0g70a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"9068C731-4B4D-472A-9AD1-9AD321C3242D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8216_t0g70a:-:*:*:*:*:*:*:*","matchCriteriaId":"3B298581-21DA-4651-87DB-D4266A5A36C9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8730_d9l20a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"9E600554-E571-43BA-AC70-92A9B9CE276D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8730_d9l20a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A0EF8C9-D175-4BB2-A4E5-53B20496A006"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8730_k7s32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"24BAAB9E-4EDF-464F-B921-AAD54FE4F363"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8730_k7s32a:-:*:*:*:*:*:*:*","matchCriteriaId":"B31B6A89-3B57-4578-972D-6702C20A8A95"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_d9l21a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"EE3E8706-7098-4E6D-A7C5-9C52668BE28E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_d9l21a:-:*:*:*:*:*:*:*","matchCriteriaId":"84167AA7-5420-4786-9A31-6455477FE2F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s42a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"2F00A444-910D-4073-91CA-788C808D4CC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s42a:-:*:*:*:*:*:*:*","matchCriteriaId":"D5096F99-0ADE-4166-BA25-6A807E1E0CEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_t0g65a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"C2A0CEEB-C16D-4401-A7D8-A704F26406D2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_t0g65a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AD98557-2AB9-4BB6-8945-B01CF2674534"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s39a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"0C2D5582-4CC1-4592-A4F1-B277130F26FE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s39a:-:*:*:*:*:*:*:*","matchCriteriaId":"9CDAB9F1-07EC-4B65-9B09-59E206FE737C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_j6x83a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"9C0D88CA-E9C6-4F39-A8C6-BEF52EAC7C9D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_j6x83a:-:*:*:*:*:*:*:*","matchCriteriaId":"69D3E8C9-2BEC-43B5-AC0D-B555F88BD9BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"A841A5A0-71D0-40DC-9D1F-4CBEE4C7B1D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s43a:-:*:*:*:*:*:*:*","matchCriteriaId":"D81A9BA3-5DEF-4B5A-9BD5-AB7373C3C52F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"72538C01-FE1B-4AF3-B48C-15C885F36E01"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s40a:-:*:*:*:*:*:*:*","matchCriteriaId":"FC71FD2B-2882-4ADE-820A-04BE937DDEEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"341E4BEC-DF33-4084-8908-16F06A0F36D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s41a:-:*:*:*:*:*:*:*","matchCriteriaId":"B6A0A890-4FE8-4ECA-B08C-B514C9C113A5"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_5950417-5950443-16","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_5950417-5950443-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-24292","sourceIdentifier":"hp-security-alert@hp.com","published":"2022-03-23T20:15:10.923","lastModified":"2026-06-25T18:08:20.993","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution."},{"lang":"es","value":"Algunos dispositivos de impresión de HP pueden ser vulnerables a una divulgación potencial de información, una denegación de servicio o a una ejecución de código remota"}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"n/a","product":"HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers","versions":[{"version":"before 002_2208A","status":"affected"},{"version":"before 2205D","status":"affected"},{"version":"before 001.2210B","status":"affected"},{"version":"before 001.2207C","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"4892BBE4-32E4-430A-AA4D-4AE949D6CA8D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"51315CBF-E4D5-4E4D-A9E2-24F849EF86D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F559428B-C853-4F43-8D9F-92F1DDC3EAD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"4B9E898C-0F06-44BF-ACB6-2B3F8F6EFCC1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3819DD11-DA5D-4384-88BE-38253BF4042C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"1EC2E78C-8096-4381-AD02-FE866956CB3B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3983252E-CBE2-46E9-8E78-FAEEA69B0A71"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"23DC258B-B811-4172-824E-FFF5045FAE52"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"8435607D-A04A-40F8-BD4A-A5EAFE8925D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"B3D3F237-8014-4709-837C-F07FB42C8CAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"6618A9E2-81A0-411E-B826-86408C7128C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F354870D-7199-4CE0-8AE6-598DE803336A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"95FBAB9C-C2D7-4A93-8B77-45688F993829"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3764CB2A-DC91-42A6-94CB-6045842176B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"E0425266-6E45-49C2-815C-3CCE6466811B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"488D86B4-0E6F-42D4-87B8-F0450FDB88CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"96BEA2D2-69C0-4836-AA04-31E31CBD43BA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"2A644489-F10B-406A-BCC3-173395FDDFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"2A644489-F10B-406A-BCC3-173395FDDFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D034B980-7232-4953-8C1A-C3AF0161FC78"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"26527A02-1927-4EBC-8ECF-B0C202EC4E41"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"C2AE0E64-F616-4ED8-8987-0D83BA19C3B9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"6526A716-E7D5-48F5-8DCA-528A3203B99F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"77D84290-DA2F-45B8-B9AE-A0AB61B56D43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"AE38C925-0934-4D32-851B-53698B36A6B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"7ED4D190-EAC5-48F8-BA3D-963AA56CB329"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D8CEC6B3-0166-4AC9-9640-A438ABB84497"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"B5F20948-029B-4956-A5AA-F67BCAEBE513"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"C421E437-70E5-4145-BED2-6DAEAF674015"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D43DA18B-119A-4A4F-B879-7212B5AB90FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"BDC76850-1D91-4BE6-B987-F46489A4C773"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D96E731D-DD19-46B5-A206-7B293CEAD77F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"FAF8F278-0BDA-4B34-8732-42B20C650D0A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"991B2C3F-A7EA-4839-915E-61B5972E0992"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"DD03D7A6-F357-45D1-978A-D3DBAF859A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"8F47B66E-5198-4E28-9D76-2A2F45F52F60"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"076E63D8-A3D4-40FC-9EC6-6EF78199D203"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F0CBFA81-AC80-49B6-B32C-FF0BE7543504"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"A32A1A68-87E3-40CF-8C27-1297BB69D5F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_352dw_j6u57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"20AF6A96-EF50-472C-AC73-57923005F915"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_352dw_j6u57a:-:*:*:*:*:*:*:*","matchCriteriaId":"B196E260-88F9-4E95-A88B-87B9F37765E8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_377dw_j9v80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"77F7338C-1F88-442D-90E8-58154AB2B278"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_377dw_j9v80a:-:*:*:*:*:*:*:*","matchCriteriaId":"87EFE8B9-57A8-43CA-B0D7-FC833C45DF44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u55a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"743D62E7-6B37-4609-9AAB-7B4B3B5AD5C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u55a:-:*:*:*:*:*:*:*","matchCriteriaId":"8F01DF42-E865-4257-9367-4693DBDAE928"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u51b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"DDA768D5-91E2-4ADE-9E01-1B0915338533"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u51b:-:*:*:*:*:*:*:*","matchCriteriaId":"59456D7A-A466-4B99-B7C4-609B29C86D5D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u55b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"E47DBC80-8507-4BD6-9A88-9542B284444F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u55b:-:*:*:*:*:*:*:*","matchCriteriaId":"1CCBFF3A-089D-46DA-9A7B-C20AF1C29EEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p57750dw_j9v82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"6B3ED565-8FE7-419E-9555-4321F4AD16E3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p57750dw_j9v82a:-:*:*:*:*:*:*:*","matchCriteriaId":"6D79C449-9336-4C19-BF9F-6BD3580BC47D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_452dn_d3q15a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"AAD139B3-16A9-4BF4-8AFC-EA30852E889C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_452dn_d3q15a:-:*:*:*:*:*:*:*","matchCriteriaId":"C9EA6B91-B74C-41FD-8F02-DBE79F15CE39"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_452dw_d3q16a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"E57B191B-D70C-4DBE-8F5D-37E76780DAC1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_452dw_d3q16a:-:*:*:*:*:*:*:*","matchCriteriaId":"1AA4BB73-0430-4B40-82B0-5FE18AC2A27B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_477dn_d3q19a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"CC2E890B-0609-480F-BA72-0C0E9613DABB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_477dn_d3q19a:-:*:*:*:*:*:*:*","matchCriteriaId":"50A3551F-66A3-4C8E-8117-9DB0144D8A90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_477dw_d3q20a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"1C1F6E7D-40F2-4D83-A6DB-7CF180833714"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_477dw_d3q20a:-:*:*:*:*:*:*:*","matchCriteriaId":"3C34D8DD-75F3-41A7-944E-6C729DC737C6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_552dw_d3q17a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"8CB41825-5521-4F2A-88C8-B658BACD0A4D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_552dw_d3q17a:-:*:*:*:*:*:*:*","matchCriteriaId":"C051C3D2-1F2A-4E92-BF3F-6BCAB518F071"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_577dw_d3q21a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"AB1D345D-A4A0-4671-976D-F8DD9B98693C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_577dw_d3q21a:-:*:*:*:*:*:*:*","matchCriteriaId":"5D58F934-510A-4249-B92A-ED788766AE44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_577z_k9z76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"A570CFDA-42D9-4E42-9367-C0628638C277"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_577z_k9z76a:-:*:*:*:*:*:*:*","matchCriteriaId":"7C43C66E-64AC-444B-A1B1-62EB8A3D6FE1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_d9l63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"0E760C6A-D587-4950-94A6-7672EF2E11A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_d9l63a:-:*:*:*:*:*:*:*","matchCriteriaId":"7CD88FB0-D5D7-47F7-996D-43945E014906"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_d9l64a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"4F014881-CF80-4351-AED5-49EDDF540610"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_d9l64a:-:*:*:*:*:*:*:*","matchCriteriaId":"02DED252-03AC-4F6D-8D39-E0C252C5AB18"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p65a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"5F452AAC-AB51-441F-8ABD-1D7734118E1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p65a:-:*:*:*:*:*:*:*","matchCriteriaId":"BB4A19B7-983C-44B6-BBB5-B12E9309FD73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"C43C77D3-16A8-49E3-A0B1-BB2A45A16D02"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p66a:-:*:*:*:*:*:*:*","matchCriteriaId":"837EACEF-C3ED-4C64-8D28-55AF5023CD3E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p67a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"16B08473-3731-4108-996D-BF929D9CB10E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p67a:-:*:*:*:*:*:*:*","matchCriteriaId":"6B274A91-D1F4-4FEA-8328-287D3F7F8148"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p68a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"2B345F03-9B89-4067-AA16-AC3436CAD00F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p68a:-:*:*:*:*:*:*:*","matchCriteriaId":"972BA850-F159-4E3B-8849-7D1422CF1400"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8216_t0g70a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"9068C731-4B4D-472A-9AD1-9AD321C3242D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8216_t0g70a:-:*:*:*:*:*:*:*","matchCriteriaId":"3B298581-21DA-4651-87DB-D4266A5A36C9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8730_d9l20a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"9E600554-E571-43BA-AC70-92A9B9CE276D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8730_d9l20a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A0EF8C9-D175-4BB2-A4E5-53B20496A006"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8730_k7s32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"24BAAB9E-4EDF-464F-B921-AAD54FE4F363"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8730_k7s32a:-:*:*:*:*:*:*:*","matchCriteriaId":"B31B6A89-3B57-4578-972D-6702C20A8A95"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_d9l21a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"EE3E8706-7098-4E6D-A7C5-9C52668BE28E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_d9l21a:-:*:*:*:*:*:*:*","matchCriteriaId":"84167AA7-5420-4786-9A31-6455477FE2F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s42a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"2F00A444-910D-4073-91CA-788C808D4CC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s42a:-:*:*:*:*:*:*:*","matchCriteriaId":"D5096F99-0ADE-4166-BA25-6A807E1E0CEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_t0g65a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"C2A0CEEB-C16D-4401-A7D8-A704F26406D2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_t0g65a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AD98557-2AB9-4BB6-8945-B01CF2674534"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s39a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"0C2D5582-4CC1-4592-A4F1-B277130F26FE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s39a:-:*:*:*:*:*:*:*","matchCriteriaId":"9CDAB9F1-07EC-4B65-9B09-59E206FE737C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_j6x83a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"9C0D88CA-E9C6-4F39-A8C6-BEF52EAC7C9D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_j6x83a:-:*:*:*:*:*:*:*","matchCriteriaId":"69D3E8C9-2BEC-43B5-AC0D-B555F88BD9BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"A841A5A0-71D0-40DC-9D1F-4CBEE4C7B1D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s43a:-:*:*:*:*:*:*:*","matchCriteriaId":"D81A9BA3-5DEF-4B5A-9BD5-AB7373C3C52F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"72538C01-FE1B-4AF3-B48C-15C885F36E01"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s40a:-:*:*:*:*:*:*:*","matchCriteriaId":"FC71FD2B-2882-4ADE-820A-04BE937DDEEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"341E4BEC-DF33-4084-8908-16F06A0F36D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s41a:-:*:*:*:*:*:*:*","matchCriteriaId":"B6A0A890-4FE8-4ECA-B08C-B514C9C113A5"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_5950417-5950443-16","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_5950417-5950443-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-24293","sourceIdentifier":"hp-security-alert@hp.com","published":"2022-03-23T20:15:10.963","lastModified":"2026-06-25T18:09:18.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution."},{"lang":"es","value":"Algunos dispositivos de impresión de HP pueden ser vulnerables a una divulgación potencial de información, una denegación de servicio o a una ejecución de código remota"}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"n/a","product":"HP LaserJet Pro Printers; HP Pagewide Pro Printers; HP Officejet Printers","versions":[{"version":"before 002_2208A","status":"affected"},{"version":"before 2205D","status":"affected"},{"version":"before 001.2210B","status":"affected"},{"version":"before 001.2207C","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"4892BBE4-32E4-430A-AA4D-4AE949D6CA8D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"51315CBF-E4D5-4E4D-A9E2-24F849EF86D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F559428B-C853-4F43-8D9F-92F1DDC3EAD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"4B9E898C-0F06-44BF-ACB6-2B3F8F6EFCC1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3819DD11-DA5D-4384-88BE-38253BF4042C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"1EC2E78C-8096-4381-AD02-FE866956CB3B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3983252E-CBE2-46E9-8E78-FAEEA69B0A71"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"23DC258B-B811-4172-824E-FFF5045FAE52"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"8435607D-A04A-40F8-BD4A-A5EAFE8925D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"B3D3F237-8014-4709-837C-F07FB42C8CAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"6618A9E2-81A0-411E-B826-86408C7128C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F354870D-7199-4CE0-8AE6-598DE803336A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"95FBAB9C-C2D7-4A93-8B77-45688F993829"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"3764CB2A-DC91-42A6-94CB-6045842176B4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"E0425266-6E45-49C2-815C-3CCE6466811B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"488D86B4-0E6F-42D4-87B8-F0450FDB88CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"96BEA2D2-69C0-4836-AA04-31E31CBD43BA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"2A644489-F10B-406A-BCC3-173395FDDFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"2A644489-F10B-406A-BCC3-173395FDDFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D034B980-7232-4953-8C1A-C3AF0161FC78"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"26527A02-1927-4EBC-8ECF-B0C202EC4E41"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"C2AE0E64-F616-4ED8-8987-0D83BA19C3B9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"6526A716-E7D5-48F5-8DCA-528A3203B99F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"77D84290-DA2F-45B8-B9AE-A0AB61B56D43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"AE38C925-0934-4D32-851B-53698B36A6B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"7ED4D190-EAC5-48F8-BA3D-963AA56CB329"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D8CEC6B3-0166-4AC9-9640-A438ABB84497"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"B5F20948-029B-4956-A5AA-F67BCAEBE513"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"C421E437-70E5-4145-BED2-6DAEAF674015"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D43DA18B-119A-4A4F-B879-7212B5AB90FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"BDC76850-1D91-4BE6-B987-F46489A4C773"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"D96E731D-DD19-46B5-A206-7B293CEAD77F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"FAF8F278-0BDA-4B34-8732-42B20C650D0A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"991B2C3F-A7EA-4839-915E-61B5972E0992"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"DD03D7A6-F357-45D1-978A-D3DBAF859A0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"8F47B66E-5198-4E28-9D76-2A2F45F52F60"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"076E63D8-A3D4-40FC-9EC6-6EF78199D203"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"F0CBFA81-AC80-49B6-B32C-FF0BE7543504"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2208a","matchCriteriaId":"A32A1A68-87E3-40CF-8C27-1297BB69D5F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_352dw_j6u57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"20AF6A96-EF50-472C-AC73-57923005F915"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_352dw_j6u57a:-:*:*:*:*:*:*:*","matchCriteriaId":"B196E260-88F9-4E95-A88B-87B9F37765E8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_377dw_j9v80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"77F7338C-1F88-442D-90E8-58154AB2B278"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_377dw_j9v80a:-:*:*:*:*:*:*:*","matchCriteriaId":"87EFE8B9-57A8-43CA-B0D7-FC833C45DF44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u55a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"743D62E7-6B37-4609-9AAB-7B4B3B5AD5C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u55a:-:*:*:*:*:*:*:*","matchCriteriaId":"8F01DF42-E865-4257-9367-4693DBDAE928"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u51b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"DDA768D5-91E2-4ADE-9E01-1B0915338533"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u51b:-:*:*:*:*:*:*:*","matchCriteriaId":"59456D7A-A466-4B99-B7C4-609B29C86D5D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p55250dw_j6u55b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"E47DBC80-8507-4BD6-9A88-9542B284444F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p55250dw_j6u55b:-:*:*:*:*:*:*:*","matchCriteriaId":"1CCBFF3A-089D-46DA-9A7B-C20AF1C29EEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_managed_p57750dw_j9v82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"6B3ED565-8FE7-419E-9555-4321F4AD16E3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_managed_p57750dw_j9v82a:-:*:*:*:*:*:*:*","matchCriteriaId":"6D79C449-9336-4C19-BF9F-6BD3580BC47D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_452dn_d3q15a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"AAD139B3-16A9-4BF4-8AFC-EA30852E889C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_452dn_d3q15a:-:*:*:*:*:*:*:*","matchCriteriaId":"C9EA6B91-B74C-41FD-8F02-DBE79F15CE39"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_452dw_d3q16a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"E57B191B-D70C-4DBE-8F5D-37E76780DAC1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_452dw_d3q16a:-:*:*:*:*:*:*:*","matchCriteriaId":"1AA4BB73-0430-4B40-82B0-5FE18AC2A27B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_477dn_d3q19a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"CC2E890B-0609-480F-BA72-0C0E9613DABB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_477dn_d3q19a:-:*:*:*:*:*:*:*","matchCriteriaId":"50A3551F-66A3-4C8E-8117-9DB0144D8A90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_477dw_d3q20a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"1C1F6E7D-40F2-4D83-A6DB-7CF180833714"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_477dw_d3q20a:-:*:*:*:*:*:*:*","matchCriteriaId":"3C34D8DD-75F3-41A7-944E-6C729DC737C6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_552dw_d3q17a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"8CB41825-5521-4F2A-88C8-B658BACD0A4D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_552dw_d3q17a:-:*:*:*:*:*:*:*","matchCriteriaId":"C051C3D2-1F2A-4E92-BF3F-6BCAB518F071"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_577dw_d3q21a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"AB1D345D-A4A0-4671-976D-F8DD9B98693C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_577dw_d3q21a:-:*:*:*:*:*:*:*","matchCriteriaId":"5D58F934-510A-4249-B92A-ED788766AE44"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:pagewide_pro_577z_k9z76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2205d","matchCriteriaId":"A570CFDA-42D9-4E42-9367-C0628638C277"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:pagewide_pro_577z_k9z76a:-:*:*:*:*:*:*:*","matchCriteriaId":"7C43C66E-64AC-444B-A1B1-62EB8A3D6FE1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_d9l63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"0E760C6A-D587-4950-94A6-7672EF2E11A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_d9l63a:-:*:*:*:*:*:*:*","matchCriteriaId":"7CD88FB0-D5D7-47F7-996D-43945E014906"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_d9l64a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"4F014881-CF80-4351-AED5-49EDDF540610"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_d9l64a:-:*:*:*:*:*:*:*","matchCriteriaId":"02DED252-03AC-4F6D-8D39-E0C252C5AB18"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p65a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"5F452AAC-AB51-441F-8ABD-1D7734118E1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p65a:-:*:*:*:*:*:*:*","matchCriteriaId":"BB4A19B7-983C-44B6-BBB5-B12E9309FD73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"C43C77D3-16A8-49E3-A0B1-BB2A45A16D02"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p66a:-:*:*:*:*:*:*:*","matchCriteriaId":"837EACEF-C3ED-4C64-8D28-55AF5023CD3E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p67a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"16B08473-3731-4108-996D-BF929D9CB10E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p67a:-:*:*:*:*:*:*:*","matchCriteriaId":"6B274A91-D1F4-4FEA-8328-287D3F7F8148"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8210_j3p68a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"2B345F03-9B89-4067-AA16-AC3436CAD00F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8210_j3p68a:-:*:*:*:*:*:*:*","matchCriteriaId":"972BA850-F159-4E3B-8849-7D1422CF1400"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8216_t0g70a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2210b","matchCriteriaId":"9068C731-4B4D-472A-9AD1-9AD321C3242D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8216_t0g70a:-:*:*:*:*:*:*:*","matchCriteriaId":"3B298581-21DA-4651-87DB-D4266A5A36C9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8730_d9l20a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"9E600554-E571-43BA-AC70-92A9B9CE276D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8730_d9l20a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A0EF8C9-D175-4BB2-A4E5-53B20496A006"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8730_k7s32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"24BAAB9E-4EDF-464F-B921-AAD54FE4F363"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8730_k7s32a:-:*:*:*:*:*:*:*","matchCriteriaId":"B31B6A89-3B57-4578-972D-6702C20A8A95"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_d9l21a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"EE3E8706-7098-4E6D-A7C5-9C52668BE28E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_d9l21a:-:*:*:*:*:*:*:*","matchCriteriaId":"84167AA7-5420-4786-9A31-6455477FE2F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s42a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"2F00A444-910D-4073-91CA-788C808D4CC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s42a:-:*:*:*:*:*:*:*","matchCriteriaId":"D5096F99-0ADE-4166-BA25-6A807E1E0CEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_t0g65a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"C2A0CEEB-C16D-4401-A7D8-A704F26406D2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_t0g65a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AD98557-2AB9-4BB6-8945-B01CF2674534"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s39a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"0C2D5582-4CC1-4592-A4F1-B277130F26FE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s39a:-:*:*:*:*:*:*:*","matchCriteriaId":"9CDAB9F1-07EC-4B65-9B09-59E206FE737C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_j6x83a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"9C0D88CA-E9C6-4F39-A8C6-BEF52EAC7C9D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_j6x83a:-:*:*:*:*:*:*:*","matchCriteriaId":"69D3E8C9-2BEC-43B5-AC0D-B555F88BD9BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"A841A5A0-71D0-40DC-9D1F-4CBEE4C7B1D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s43a:-:*:*:*:*:*:*:*","matchCriteriaId":"D81A9BA3-5DEF-4B5A-9BD5-AB7373C3C52F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"72538C01-FE1B-4AF3-B48C-15C885F36E01"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s40a:-:*:*:*:*:*:*:*","matchCriteriaId":"FC71FD2B-2882-4ADE-820A-04BE937DDEEB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:officejet_pro_8740_k7s41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"001.2207c","matchCriteriaId":"341E4BEC-DF33-4084-8908-16F06A0F36D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:officejet_pro_8740_k7s41a:-:*:*:*:*:*:*:*","matchCriteriaId":"B6A0A890-4FE8-4ECA-B08C-B514C9C113A5"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_5950417-5950443-16","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_5950417-5950443-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-29528","sourceIdentifier":"cve@mitre.org","published":"2022-04-20T23:15:08.417","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.158. Puede producirse una deserialización de PHAR"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.158","matchCriteriaId":"FDCD4978-D554-40B7-968A-C828A6999733"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/0108f1bde2117ac5c1e28d124128f60c8bb09a8e","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/93821c0de6a7dd32262ce62212773f43136ca66e","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-phar-deserialization/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-exploring-the-phar-deserialization-php-vulnerability-a-white-box-testing-example/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/0108f1bde2117ac5c1e28d124128f60c8bb09a8e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/93821c0de6a7dd32262ce62212773f43136ca66e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-phar-deserialization/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-exploring-the-phar-deserialization-php-vulnerability-a-white-box-testing-example/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-29529","sourceIdentifier":"cve@mitre.org","published":"2022-04-20T23:15:08.467","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.158. Se presenta una vulnerabilidad de tipo XSS almacenado por medio del campo de inicio de sesión de LinOTP"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.158","matchCriteriaId":"FDCD4978-D554-40B7-968A-C828A6999733"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/9623de2f5cca011afc581d55cfa5ce87682894fd","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-via-the-linotp-login-field/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/9623de2f5cca011afc581d55cfa5ce87682894fd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-via-the-linotp-login-field/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-29530","sourceIdentifier":"cve@mitre.org","published":"2022-04-20T23:15:08.513","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.158. Se presenta una vulnerabilidad de tipo XSS almacenado en los clusters de galaxias"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.158","matchCriteriaId":"FDCD4978-D554-40B7-968A-C828A6999733"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/107e271d78c255d658ce998285fe6f6c4f291b41","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-in-the-galaxy-clusters/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/107e271d78c255d658ce998285fe6f6c4f291b41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-in-the-galaxy-clusters/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-29531","sourceIdentifier":"cve@mitre.org","published":"2022-04-20T23:15:08.557","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.158. Se presenta una vulnerabilidad de tipo XSS almacenado en el gráfico de eventos por medio de un nombre de etiqueta"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.158","matchCriteriaId":"FDCD4978-D554-40B7-968A-C828A6999733"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/bb3b7a7e91862742cae228c43b3091bad476dcc0","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-in-the-event-graph/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/bb3b7a7e91862742cae228c43b3091bad476dcc0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-stored-xss-in-the-event-graph/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-29532","sourceIdentifier":"cve@mitre.org","published":"2022-04-20T23:15:08.597","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.158. Se presenta una vulnerabilidad de tipo XSS en la visualización cerebrada si un administrador pone un javascript: URL en el campo URL, y otro administrador hace clic en él"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.158","matchCriteriaId":"FDCD4978-D554-40B7-968A-C828A6999733"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/60c85b80e3ab05c3ef015bca5630e95eddbb1436","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-xss-in-the-cerebrate-view/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/60c85b80e3ab05c3ef015bca5630e95eddbb1436","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-xss-in-the-cerebrate-view/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-29533","sourceIdentifier":"cve@mitre.org","published":"2022-04-20T23:15:08.643","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a \"weird single checkbox page.\""},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.158. Se presenta una vulnerabilidad de tipo XSS en el componente app/Controller/OrganisationsController.php en una situación con un \"weird single checkbox page.\""}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.158","matchCriteriaId":"FDCD4978-D554-40B7-968A-C828A6999733"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/ce6bc88e330f5ef50666b149d86c0d94f545f24e","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-xss-in-app-controller-organisationscontroller-php/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/ce6bc88e330f5ef50666b149d86c0d94f545f24e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-xss-in-app-controller-organisationscontroller-php/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-29534","sourceIdentifier":"cve@mitre.org","published":"2022-04-20T23:15:08.687","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an \"Accept: application/json\" header."},{"lang":"es","value":"Se ha detectado un problema en MISP versiones anteriores a 2.4.158. En el archivo UsersController.php, la confirmación de la contraseña puede omitirse por medio de vectores que implican un encabezado \"Accept: application/json\""}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.158","matchCriteriaId":"FDCD4978-D554-40B7-968A-C828A6999733"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/01120163a6b4d905029d416e7305575df31df8af","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-password-confirmation-can-be-bypassed/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-the-impact-of-a-php-vulnerability-exploring-the-password-confirmation-bypass-in-misp/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/01120163a6b4d905029d416e7305575df31df8af","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-password-confirmation-can-be-bypassed/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-the-impact-of-a-php-vulnerability-exploring-the-password-confirmation-bypass-in-misp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-20773","sourceIdentifier":"psirt@cisco.com","published":"2022-04-21T19:15:08.290","lastModified":"2026-06-22T13:52:07.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA."},{"lang":"es","value":"Una vulnerabilidad en el mecanismo de autenticación SSH basado en claves de Cisco Umbrella Virtual Appliance (VA) podría permitir a un atacante remoto no autenticado hacerse pasar por un VA. Esta vulnerabilidad es debido a la presencia de una clave de host SSH estática. Un atacante podría aprovechar esta vulnerabilidad al llevar a cabo un ataque de tipo man-in-the-middle en una conexión SSH a la VA de Umbrella. Un ataque con éxito podría permitir al atacante conocer las credenciales del administrador, cambiar la configuración o recargar la VA. Nota: SSH no está habilitado por defecto en la VA de Umbrella"}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Umbrella Insights Virtual Appliance","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-06T16:00:11.220768Z","id":"CVE-2022-20773","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.2","matchCriteriaId":"BD418B0F-7D0D-4CF0-B7F9-B55FE9DD633F"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-21535","sourceIdentifier":"secalert_us@oracle.com","published":"2022-07-19T22:15:11.450","lastModified":"2026-06-22T15:28:18.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: General/Core Client). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Shell. CVSS 3.1 Base Score 2.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."},{"lang":"es","value":"Una vulnerabilidad en el producto MySQL Shell de Oracle MySQL (componente: Shell: General/Core Client). Las versiones compatibles que están afectadas son 8.0.28 y anteriores. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la infraestructura donde es ejecutado MySQL Shell comprometer MySQL Shell. Los ataques con éxito requieren una interacción humana de una persona diferente del atacante. Los ataques con éxito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de MySQL Shell. CVSS 3.1, Puntuación Base 2.5 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"MySQL Server","versions":[{"version":"8.0.28 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-24T14:07:15.685128Z","id":"CVE-2022-21535","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_shell:*:*:*:*:*:-:*:*","versionEndIncluding":"8.0.28","matchCriteriaId":"E6777366-A3DE-49F3-9B95-0988D386B9C8"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-1754","sourceIdentifier":"secalert@redhat.com","published":"2022-08-05T16:15:10.733","lastModified":"2026-06-23T16:16:57.220","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups."},{"lang":"es","value":"En Moodle versiones anteriores a 3.8.2, 3.7.5, 3.6.9 y 3.5.11, los usuarios visualizando el informe del historial de calificaciones sin la capacidad de \"access all groups\" no estaban restringidos a visualizar las calificaciones de usuarios de sus propios grupos"}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"Moodle","versions":[{"version":"3.8.2, 3.7.5, 3.6.9 and 3.5.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T17:35:16.471586Z","id":"CVE-2020-1754","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.11","matchCriteriaId":"EB8B1DEA-6709-42F2-AA76-4B4A05728923"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.9","matchCriteriaId":"05055E7F-8F64-4FBF-94E1-51A91B1614AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.5","matchCriteriaId":"881876E5-5C59-449E-8109-975EFCA9F722"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.8.0:*:*:*:*:*:*:*","matchCriteriaId":"58615240-5190-4E7D-A3C9-F56BA9F46D4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.8.1:*:*:*:*:*:*:*","matchCriteriaId":"B4DE915F-95E1-455E-BC4F-51E08AE3A676"}]}]}],"references":[{"url":"https://moodle.org/mod/forum/discuss.php?d=398350","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=398350","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-2356","sourceIdentifier":"contact@wpscan.com","published":"2022-08-08T14:15:08.807","lastModified":"2026-06-23T16:16:57.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded."},{"lang":"es","value":"El plugin Frontend File Manager &amp; Sharing de WordPress versiones anteriores a 1.1.3, no filtra las extensiones de los archivos cuando permite a usuarios subirlos al servidor, lo que puede conllevar a una subida de código malicioso"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Frontend File Manager & Sharing – User Private Files","versions":[{"version":"1.1.3","lessThan":"1.1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:39:29.716210Z","id":"CVE-2022-2356","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"contact@wpscan.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediajedi:user_private_files:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.1.3","matchCriteriaId":"C9B3E120-1ADC-439A-BDCC-4727579206DB"}]}]}],"references":[{"url":"https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/67f3948e-27d4-47a8-8572-616143b9cf43/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2022-36124","sourceIdentifier":"security@apache.org","published":"2022-08-09T07:15:07.443","lastModified":"2026-06-23T16:16:58.180","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue."},{"lang":"es","value":"Es posible que un Lector consuma memoria más allá de las restricciones permitidas y, por tanto, conlleve a una falta de memoria en el sistema. Este problema afecta a las aplicaciones Rust usando el SDK de Apache Avro Rust versiones anteriores a 0.14.0 (anteriormente se conoce como avro-rs). Los usuarios deben actualizar a versión 0.14.0 de apache-avro que aborda este problema"}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Avro","platforms":["Rust"],"versions":[{"version":"unspecified","lessThan":"0.14.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:47:06.317409Z","id":"CVE-2022-36124","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:avro:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.14.0","matchCriteriaId":"078DE3C4-24C6-41C6-ABAC-C07A15D4BD8E"}]}]}],"references":[{"url":"https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/kj429rzo1xxjgz058qqqg0y7c0p512zo","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-33643","sourceIdentifier":"securities@openeuler.org","published":"2022-08-10T20:15:20.450","lastModified":"2026-06-23T16:16:57.427","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read."},{"lang":"es","value":"Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de encabezado siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longlink, causando una lectura fuera de límites"}],"affected":[{"source":"securities@openeuler.org","affectedData":[{"vendor":"n/a","product":"libtar","versions":[{"version":"<1.2.21","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:41:54.824443Z","id":"CVE-2021-33643","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"securities@openeuler.org","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.21","matchCriteriaId":"9FB33CE5-5B11-49D2-9277-67E941584A35"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openatom:openeuler:20.03:sp1:*:*:lts:*:*:*","matchCriteriaId":"464D2E5A-0D36-4893-85A4-2267AE0333DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:openatom:openeuler:20.03:sp3:*:*:lts:*:*:*","matchCriteriaId":"A98D36A4-869D-4F90-9434-599915671828"},{"vulnerable":true,"criteria":"cpe:2.3:o:openatom:openeuler:22.03:*:*:*:lts:*:*:*","matchCriteriaId":"5975B9D2-6A0F-43DE-806E-C8FC6D152EF6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/","source":"securities@openeuler.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/","source":"securities@openeuler.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/","source":"securities@openeuler.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/","source":"securities@openeuler.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/","source":"securities@openeuler.org"},{"url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807","source":"securities@openeuler.org","tags":["Broken Link","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-35293","sourceIdentifier":"cna@sap.com","published":"2022-08-10T20:15:53.800","lastModified":"2026-06-23T16:16:57.823","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application."},{"lang":"es","value":"Debido a una administración insegura de la sesión, SAP Enable Now permite a un atacante no autenticado obtener acceso a la cuenta del usuario. Si es explotado con éxito, un atacante puede visualizar o modificar los datos del usuario causando un impacto limitado en la confidencialidad e integridad de la aplicación"}],"affected":[{"source":"cna@sap.com","affectedData":[{"vendor":"SAP SE","product":"SAP Enable Now Manager","versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:59:23.210855Z","id":"CVE-2022-35293","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:enable_now_manager:1.0:*:*:*:*:*:*:*","matchCriteriaId":"A4385CB9-7FB2-41B5-BE5C-CE268E6E8880"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/3210566","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3210566","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-35509","sourceIdentifier":"cve@mitre.org","published":"2022-08-10T20:15:54.410","lastModified":"2026-06-23T16:16:58.000","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information."},{"lang":"es","value":"Se ha detectado un problema en EyouCMS versión 1.5.8. se presenta una vulnerabilidad de tipo XSS Almacenado que puede permitir a un atacante ejecutar scripts web o HTML arbitrarios al inyectar una carga útil especial por medio del parámetro title en la contribución de primer plano, lo que permite al atacante obtener información confidencial"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T13:32:05.401609Z","id":"CVE-2022-35509","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eyoucms:eyoucms:1.5.8:*:*:*:*:*:*:*","matchCriteriaId":"82E421EB-ECC8-42A4-8384-4187474D1AC3"}]}]}],"references":[{"url":"https://github.com/eyoucms/eyoucms/issues/25","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/eyoucms/eyoucms/issues/25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-42724","sourceIdentifier":"cve@mitre.org","published":"2022-10-10T05:15:09.237","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have)."},{"lang":"es","value":"El archivo app/Controller/UsersController.php en MISP versiones anteriores a 2.4.164, permite a atacantes detectar los nombres de los roles (esta es una información que sólo el administrador del sitio debería tener)"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.164","matchCriteriaId":"01D95B58-C68D-4927-9EE4-C9A676167F91"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-20969","sourceIdentifier":"psirt@cisco.com","published":"2022-11-04T18:15:11.570","lastModified":"2026-06-22T13:54:42.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard.\r\n\r This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to the web application and persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."},{"lang":"es","value":"Una vulnerabilidad en varias páginas del panel de administración de Cisco Umbrella podría permitir que un atacante remoto autenticado lleve a cabo un ataque de cross-site scripting (XSS) contra un usuario del panel de Cisco Umbrella. Esta vulnerabilidad se debe a la entrada de usuario no sanitizada. Un atacante podría aprovechar esta vulnerabilidad enviando JavaScript personalizado a la aplicación web y persuadiendo a un usuario de la interfaz para que haga clic en un enlace creado con fines malintencionados. Un exploit exitoso podría permitir al atacante ejecutar código de script arbitrario en el contexto de la interfaz o acceder a información confidencial basada en el navegador."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Umbrella Dashboard","versions":[{"version":"N/A","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-01-29T21:16:35.965437Z","id":"CVE-2022-20969","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella:-:*:*:*:*:*:*:*","matchCriteriaId":"50FCF83B-9E18-4B12-BCE1-85F5E8284374"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-xss-LfeYQV3","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-xss-LfeYQV3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2022-20922","sourceIdentifier":"psirt@cisco.com","published":"2022-11-15T21:15:30.743","lastModified":"2026-06-22T15:00:00.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device.\r\n\r These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition.\r\n\r Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details [\"#details\"] section of this advisory for more information.\r\n\r Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected."},{"lang":"es","value":"Múltiples vulnerabilidades en el procesador Server Message Block Versión 2 (SMB2) del motor de detección Snort en múltiples productos Cisco podrían permitir que un atacante remoto no autenticado omita las políticas configuradas o cause una condición de Denegación de Servicio (DoS) en un dispositivo afectado. Estas vulnerabilidades se deben a una gestión inadecuada de los recursos del sistema cuando el motor de detección de Snort procesa el tráfico SMB2. Un atacante podría aprovechar estas vulnerabilidades enviando unalto número de ciertos tipos de paquetes SMB2 a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante activar una recarga del proceso Snort, lo que resultaría en una condición DoS. Nota: Cuando la opción Snort preserve-connection está habilitada para el motor de detección de Snort, un exploit exitoso también podría permitir al atacante omitir las políticas configuradas y entregar un payload malicioso a la red protegida. La configuración de preservación de conexión de Snort está habilitada de forma predeterminada. Consulte la sección Detalles [\"#details\"] de este aviso para obtener más información. Nota: Sólo se ven afectados los productos que tienen Snort 3 configurado. Los productos configurados con Snort 2 no se ven afectados."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Firepower Threat Defense Software","versions":[{"version":"7.1.0","status":"affected"},{"version":"7.1.0.1","status":"affected"},{"version":"7.1.0.2","status":"affected"},{"version":"7.2.0","status":"affected"},{"version":"7.2.0.1","status":"affected"}]},{"vendor":"Cisco","product":"Cisco Umbrella Insights Virtual Appliance","versions":[{"version":"1.5.4","status":"affected"},{"version":"1.5.5","status":"affected"},{"version":"1.5.6","status":"affected"},{"version":"2.0.0","status":"affected"},{"version":"2.0.2","status":"affected"},{"version":"2.0.3","status":"affected"},{"version":"2.1.0","status":"affected"},{"version":"2.1.2","status":"affected"},{"version":"2.1.5","status":"affected"},{"version":"2.1.4","status":"affected"},{"version":"2.4.12","status":"affected"},{"version":"2.4.6","status":"affected"},{"version":"2.4","status":"affected"},{"version":"2.4.4","status":"affected"},{"version":"2.5","status":"affected"},{"version":"2.5.4","status":"affected"},{"version":"2.5.5","status":"affected"},{"version":"2.5.6","status":"affected"},{"version":"2.5.7","status":"affected"},{"version":"2.6.0","status":"affected"},{"version":"2.6.1","status":"affected"},{"version":"2.6.2","status":"affected"},{"version":"2.7","status":"affected"},{"version":"2.8","status":"affected"},{"version":"2.8.9","status":"affected"},{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"},{"version":"2.3.1","status":"affected"},{"version":"2.3","status":"affected"},{"version":"2.2","status":"affected"},{"version":"2.2.1","status":"affected"}]},{"vendor":"Cisco","product":"Cisco Cyber Vision","versions":[{"version":"3.0.4","status":"affected"},{"version":"3.0.0","status":"affected"},{"version":"3.0.1","status":"affected"},{"version":"3.0.2","status":"affected"},{"version":"3.0.3","status":"affected"},{"version":"3.0.5","status":"affected"},{"version":"3.0.6","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.1.2","status":"affected"},{"version":"3.1.1","status":"affected"},{"version":"3.2.3","status":"affected"},{"version":"3.2.1","status":"affected"},{"version":"3.2.4","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.2.2","status":"affected"},{"version":"4.0.0","status":"affected"},{"version":"4.0.1","status":"affected"},{"version":"4.0.2","status":"affected"},{"version":"4.0.3","status":"affected"},{"version":"4.1.0","status":"affected"},{"version":"4.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-244"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D619BF54-1BA9-45D0-A876-92D7010088A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"469EA365-DED5-4436-AAC2-5553529DE700"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:7.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"4D94F400-5A35-41F5-B37F-E9DA6F87ED8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"16FD5D12-CF1A-4990-99B3-1840EFBA5611"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:7.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FCD2D11D-FF08-44E4-BF67-D8DD1E701FCD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:1.5.4:*:*:*:*:*:*:*","matchCriteriaId":"5332EECB-0BA3-4C53-A72D-C442C85036F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:1.5.5:*:*:*:*:*:*:*","matchCriteriaId":"A0369595-4C99-466A-A61F-D70EC8CCD0A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:1.5.6:*:*:*:*:*:*:*","matchCriteriaId":"5D4BC2DA-3FE0-424E-8CB2-67E8D47654C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5FC83D27-3A16-4B27-AB46-4C88E716E216"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"FCC31550-1FFF-488D-AB9A-51D41138ACF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"1B55773A-A315-4CB6-A737-618A5DE4A88D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"10434CDE-11B9-43F6-916C-1048B8A27436"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"EF2D8042-7070-4041-AA45-EF4FB3C8933B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"E6AAD32C-D6DB-4C3E-A47E-7012F785949F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.1.5:*:*:*:*:*:*:*","matchCriteriaId":"C5813C32-47FA-4E3E-98E2-0979F868735B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.2:*:*:*:*:*:*:*","matchCriteriaId":"2F9A0BC5-12F9-4B82-AF91-6DE5FCBD2FF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"05699B19-EAB8-4F72-A7FF-F84F7A56C2EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.3:*:*:*:*:*:*:*","matchCriteriaId":"40CFCE5D-96DD-4405-8283-FF8FC345F555"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E4BEB113-9EAC-436B-81F5-32FB2130CC77"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.4:*:*:*:*:*:*:*","matchCriteriaId":"2C478A5D-E652-4DD6-B94D-4CE17A75331B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.4.4:*:*:*:*:*:*:*","matchCriteriaId":"668D88C8-D89D-4A3E-B775-5FDB16E80D60"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.4.6:*:*:*:*:*:*:*","matchCriteriaId":"3390BC8A-8FBB-4C1C-86CA-6B7F0D518264"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.4.12:*:*:*:*:*:*:*","matchCriteriaId":"32113B58-88B9-4948-9D9B-B682DE51866E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.5:*:*:*:*:*:*:*","matchCriteriaId":"C6DAB0FC-9E96-41C5-B0B0-C11B81216BCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.5.4:*:*:*:*:*:*:*","matchCriteriaId":"8B845FB0-020A-4C96-B54A-171E62022225"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.5.5:*:*:*:*:*:*:*","matchCriteriaId":"2E3C9906-E4B8-43F5-9CA0-45E929A493E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.5.6:*:*:*:*:*:*:*","matchCriteriaId":"54A717A0-B5B3-40B7-8B78-69B958BA5F1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.5.7:*:*:*:*:*:*:*","matchCriteriaId":"7EE4EED6-B705-460B-BCF6-7E3B826AB22E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"9E553800-3955-4F19-9E20-EBAD404EA88F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.6.1:*:*:*:*:*:*:*","matchCriteriaId":"2CD98E41-6F2A-4480-AC89-533C9EA1E7CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.6.2:*:*:*:*:*:*:*","matchCriteriaId":"13A59676-75A7-437D-B22F-3E11FA47203D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.7:*:*:*:*:*:*:*","matchCriteriaId":"9339882E-C276-4DF1-B41A-61A5E05CA85F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.8:*:*:*:*:*:*:*","matchCriteriaId":"3AC4174F-4784-486D-996F-D0EDA0CE006C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"6CBBF364-3729-4D61-8C0A-75D226E4A375"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:3.0:*:*:*:*:*:*:*","matchCriteriaId":"0BAAF252-6958-4A3C-A909-57EDC79DC64D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:3.1:*:*:*:*:*:*:*","matchCriteriaId":"EE0536D0-FBB0-4E49-8929-11A547B614DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:3.2:*:*:*:*:*:*:*","matchCriteriaId":"75146EF3-BCD6-4C87-8675-436FB3243CB2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3297323C-B263-45EA-90CE-2B8415C9E498"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"797AD8A4-083B-4A9E-A49D-65EE828E1637"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"4EB16212-A9DC-4C8C-B220-9619C65436EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"9C64043F-1F0D-47F7-AEEE-309B239891DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E1F7F871-C211-4DC6-8020-1075405BAE17"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.0.6:*:*:*:*:*:*:*","matchCriteriaId":"30E42800-B7C9-4006-8B7A-5A9A5F5EB234"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EE33F541-232E-4432-AB41-EC0500A85E6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8D5B5FDC-79B2-447E-816F-1F630508A889"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B806EAC6-E1B2-40FB-9B2F-6AFB4A16AF89"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"D7BAC55C-C114-4E64-BC9E-9000B8C016CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"925E6B9B-F7F1-4ED8-8431-282A1061B527"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"A10EDC3E-0EF6-47DD-834D-51C5BBCC13EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.2.3:*:*:*:*:*:*:*","matchCriteriaId":"BB5F799E-6696-4391-9B58-06715FA4086A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"EE31D26B-CD47-4853-B1C3-2E50B0882AFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2758714C-4E9A-4442-9AD1-82D8E43995C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0F63C0E4-99A9-4D4F-BCF9-EF5F5455C04C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"13EA024C-97A4-4D33-BC3E-51DB77C51E76"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"4A2224A9-96D6-4621-B3AD-D5E1C6884937"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D2B27A1F-E66D-4ADE-83B2-6D2457F49CC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cyber_vision:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"50511288-D7A4-4EAE-8238-1E899EF16A9B"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr","source":"psirt@cisco.com"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-smb-3nfhJtr","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2022-47928","sourceIdentifier":"cve@mitre.org","published":"2022-12-22T23:15:10.413","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp."},{"lang":"es","value":"En MISP anterior a 2.4.167, hay XSS en las cargas de archivos de plantilla en app/View/Templates/upload_file.ctp."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.167","matchCriteriaId":"DF6B1BA4-62C0-4C50-A3E7-AD99A224DEEE"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/684d3e51398d4ea032b06fa4a1cd2bdf7d8b0ede","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-reflected-xss-in-uploadfile-action-of-the-templates-controllermisp/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/684d3e51398d4ea032b06fa4a1cd2bdf7d8b0ede","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-reflected-xss-in-uploadfile-action-of-the-templates-controllermisp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-24027","sourceIdentifier":"cve@mitre.org","published":"2023-01-20T22:15:10.707","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name."},{"lang":"es","value":"En MISP 2.4.167, app/webroot/js/action_table.js permite XSS a través de un nombre de historial de red."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-02T16:11:13.723562Z","id":"CVE-2023-24027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.167:*:*:*:*:*:*:*","matchCriteriaId":"22483A68-8ADB-435E-9972-4A130C5FE8C6"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/72c5424034c378583d128fc1e769aae33fb1c8b9","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/72c5424034c378583d128fc1e769aae33fb1c8b9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-24070","sourceIdentifier":"cve@mitre.org","published":"2023-01-23T05:15:18.997","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field."},{"lang":"es","value":"app/View/AuthKeys/authkey_display.ctp en MISP hasta 2.4.167 tiene un XSS en authkey agregado a través de un campo Referer."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.167","matchCriteriaId":"E5A605DE-EF1E-45DA-B83E-54851D7D235C"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-48328","sourceIdentifier":"cve@mitre.org","published":"2023-02-20T04:15:11.147","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-27T14:57:37.381412Z","id":"CVE-2022-48328","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.167","matchCriteriaId":"DF6B1BA4-62C0-4C50-A3E7-AD99A224DEEE"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/1edbc2569989f844799261a5f90edfa433d7dbcc","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/206f540f0275af2dd2a86275abc199df41e72a21","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.166...v2.4.167","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://zigrin.com/advisories/misp-sql-injection-in-crud-component/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-hiding-in-plain-sight-the-hidden-danger-of-sql-injection-in-input-field-names/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/1edbc2569989f844799261a5f90edfa433d7dbcc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/206f540f0275af2dd2a86275abc199df41e72a21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.166...v2.4.167","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://zigrin.com/advisories/misp-sql-injection-in-crud-component/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://zigrin.com/cakephp-application-cybersecurity-research-hiding-in-plain-sight-the-hidden-danger-of-sql-injection-in-input-field-names/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2022-48329","sourceIdentifier":"cve@mitre.org","published":"2023-02-20T04:15:11.227","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-18T15:32:09.805695Z","id":"CVE-2022-48329","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.166","matchCriteriaId":"351BE53D-AF0B-4414-8E82-2AF32C750EBF"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/a73c1c461bc6f8a048eae92b5e99823afd892d1e","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/afbe08d256d609eee5195c5b0003cfb723ae7af1","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.165...v2.4.166","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://github.com/MISP/MISP/commit/a73c1c461bc6f8a048eae92b5e99823afd892d1e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/afbe08d256d609eee5195c5b0003cfb723ae7af1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.165...v2.4.166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2023-28606","sourceIdentifier":"cve@mitre.org","published":"2023-03-18T18:15:54.270","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-26T19:04:44.972213Z","id":"CVE-2023-28606","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.169","matchCriteriaId":"6D0B9050-F314-4324-86A8-691E47C9686E"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2023-28607","sourceIdentifier":"cve@mitre.org","published":"2023-03-18T18:15:54.333","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-26T20:45:13.053578Z","id":"CVE-2023-28607","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.169","matchCriteriaId":"6D0B9050-F314-4324-86A8-691E47C9686E"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2023-28884","sourceIdentifier":"cve@mitre.org","published":"2023-03-27T03:15:07.233","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.169:*:*:*:*:*:*:*","matchCriteriaId":"7C7D3AAA-F531-4925-9DBB-721323978B66"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://zigrin.com/advisories/misp-dom-based-xss/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://zigrin.com/advisories/misp-dom-based-xss/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-27971","sourceIdentifier":"hp-security-alert@hp.com","published":"2023-04-28T16:15:09.840","lastModified":"2026-06-25T18:08:03.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP LaserJet Pro","versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-30T20:10:43.900524Z","id":"CVE-2023-27971","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6827D248-4786-43F4-B670-DE8FDBDDB4DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"B61236E2-0C22-4ACF-8A67-E506C9AFFC68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"97967F58-733F-4529-91F1-B73A95663519"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"D1874BDA-3907-4E83-9337-E25C912EE7C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6803AA31-CC02-41F3-AB3C-DCF77BC93A3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"0935E272-5AB0-4869-945C-26B9E30D09A9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"9FB631C3-F32F-466F-824B-866922BC740E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"28697927-D47E-4F7A-BAE7-2CB88A05ECBA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6B0BE218-0426-4396-BFC9-B0F62B4BC2F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"8027C164-1F3D-44F7-A576-EBD55FD23F93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"F43C3305-92A4-4E43-8FA4-104BAED57C9D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"7BBBEAF8-AA67-45E7-895B-1A7DBCEECB0B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"00D818E4-3668-449F-AA00-0E393B81453E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"687111E1-75B0-4047-A0B2-11F8B610414C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"ED1A27B8-0F51-4081-ABFE-377C0EDCFC55"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"7FA2EF63-4AFE-4437-B93D-14E984D9CEEE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"F4E97E5F-B8C2-45D6-B457-DA8793A5E1D3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"4C0DEC0B-DFF9-4C56-AD59-B54B6E33FF33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"B008B558-D5C8-4262-ACAA-18F98DAE9F1B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"DA456248-4C9D-4C44-895A-257C51EEE6D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A4A5F666-8466-4E5F-B9DE-7759774EF941"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A8A6EEE9-CDDA-4D87-A313-17A001ADB5D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"46D45156-2D5E-45B0-99BF-11918D4B1F61"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"23AA63CC-C2B3-41CE-A8EF-237D35ABF5C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"2D2C7160-5158-4AA7-99E4-BEC182397074"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"719BEC44-E537-4999-A380-9BB711BE2983"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"509201CD-97C4-4805-A6C1-D3A49A154BF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A0549CEA-B11B-4DF5-A8BB-C94C55B9B2F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"3B109BDE-DB3C-4EDE-9ECF-FE03C1E18D9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"8E5F6500-6961-46EA-8607-844A42C4AF8C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"CB7108EA-FD2E-4560-9A8D-CBFCC22F9105"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"C0DC69C7-9582-432B-B09B-920325F7DC28"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"03FB0F15-3052-4414-80FC-C1A28F24A6B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"AB91C603-50C9-4197-BBB4-C2778EC1BD67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"BBC83C87-3B80-4118-8D4C-89BBEB78A41C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"D7AE3A27-E44E-4B92-8F19-96517B2B7F1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"5100A540-B2E9-4DDB-9C8C-CCAE98C1C856"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"E321A9FE-3C9D-4D63-84C0-C63D97C9E060"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_7919962-7920003-16/hpsbpi03839","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_7919962-7920003-16/hpsbpi03839","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-27972","sourceIdentifier":"hp-security-alert@hp.com","published":"2023-04-28T16:15:09.890","lastModified":"2026-06-25T18:09:05.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP LaserJet Pro","versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-30T19:30:36.327536Z","id":"CVE-2023-27972","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6827D248-4786-43F4-B670-DE8FDBDDB4DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"B61236E2-0C22-4ACF-8A67-E506C9AFFC68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"97967F58-733F-4529-91F1-B73A95663519"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"D1874BDA-3907-4E83-9337-E25C912EE7C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6803AA31-CC02-41F3-AB3C-DCF77BC93A3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"0935E272-5AB0-4869-945C-26B9E30D09A9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"9FB631C3-F32F-466F-824B-866922BC740E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"28697927-D47E-4F7A-BAE7-2CB88A05ECBA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6B0BE218-0426-4396-BFC9-B0F62B4BC2F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"8027C164-1F3D-44F7-A576-EBD55FD23F93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"F43C3305-92A4-4E43-8FA4-104BAED57C9D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"7BBBEAF8-AA67-45E7-895B-1A7DBCEECB0B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"00D818E4-3668-449F-AA00-0E393B81453E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"687111E1-75B0-4047-A0B2-11F8B610414C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"ED1A27B8-0F51-4081-ABFE-377C0EDCFC55"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"7FA2EF63-4AFE-4437-B93D-14E984D9CEEE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"F4E97E5F-B8C2-45D6-B457-DA8793A5E1D3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"4C0DEC0B-DFF9-4C56-AD59-B54B6E33FF33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"B008B558-D5C8-4262-ACAA-18F98DAE9F1B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"DA456248-4C9D-4C44-895A-257C51EEE6D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A4A5F666-8466-4E5F-B9DE-7759774EF941"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A8A6EEE9-CDDA-4D87-A313-17A001ADB5D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"46D45156-2D5E-45B0-99BF-11918D4B1F61"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"23AA63CC-C2B3-41CE-A8EF-237D35ABF5C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"2D2C7160-5158-4AA7-99E4-BEC182397074"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"719BEC44-E537-4999-A380-9BB711BE2983"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"509201CD-97C4-4805-A6C1-D3A49A154BF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A0549CEA-B11B-4DF5-A8BB-C94C55B9B2F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"3B109BDE-DB3C-4EDE-9ECF-FE03C1E18D9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"8E5F6500-6961-46EA-8607-844A42C4AF8C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"CB7108EA-FD2E-4560-9A8D-CBFCC22F9105"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"C0DC69C7-9582-432B-B09B-920325F7DC28"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"03FB0F15-3052-4414-80FC-C1A28F24A6B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"AB91C603-50C9-4197-BBB4-C2778EC1BD67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"BBC83C87-3B80-4118-8D4C-89BBEB78A41C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"D7AE3A27-E44E-4B92-8F19-96517B2B7F1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"5100A540-B2E9-4DDB-9C8C-CCAE98C1C856"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"E321A9FE-3C9D-4D63-84C0-C63D97C9E060"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_7920078-7920104-16/hpsbpi03840","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_7920078-7920104-16/hpsbpi03840","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-27973","sourceIdentifier":"hp-security-alert@hp.com","published":"2023-04-28T17:15:43.023","lastModified":"2026-06-25T18:07:46.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP LaserJet Pro","versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-30T19:06:15.392119Z","id":"CVE-2023-27973","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6827D248-4786-43F4-B670-DE8FDBDDB4DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"B61236E2-0C22-4ACF-8A67-E506C9AFFC68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"97967F58-733F-4529-91F1-B73A95663519"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"D1874BDA-3907-4E83-9337-E25C912EE7C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6803AA31-CC02-41F3-AB3C-DCF77BC93A3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"0935E272-5AB0-4869-945C-26B9E30D09A9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"9FB631C3-F32F-466F-824B-866922BC740E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"28697927-D47E-4F7A-BAE7-2CB88A05ECBA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"6B0BE218-0426-4396-BFC9-B0F62B4BC2F8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"8027C164-1F3D-44F7-A576-EBD55FD23F93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"F43C3305-92A4-4E43-8FA4-104BAED57C9D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"7BBBEAF8-AA67-45E7-895B-1A7DBCEECB0B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"00D818E4-3668-449F-AA00-0E393B81453E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"687111E1-75B0-4047-A0B2-11F8B610414C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"ED1A27B8-0F51-4081-ABFE-377C0EDCFC55"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"7FA2EF63-4AFE-4437-B93D-14E984D9CEEE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"F4E97E5F-B8C2-45D6-B457-DA8793A5E1D3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"4C0DEC0B-DFF9-4C56-AD59-B54B6E33FF33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"B008B558-D5C8-4262-ACAA-18F98DAE9F1B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"DA456248-4C9D-4C44-895A-257C51EEE6D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A4A5F666-8466-4E5F-B9DE-7759774EF941"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A8A6EEE9-CDDA-4D87-A313-17A001ADB5D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"46D45156-2D5E-45B0-99BF-11918D4B1F61"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"23AA63CC-C2B3-41CE-A8EF-237D35ABF5C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"2D2C7160-5158-4AA7-99E4-BEC182397074"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"719BEC44-E537-4999-A380-9BB711BE2983"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"509201CD-97C4-4805-A6C1-D3A49A154BF9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"A0549CEA-B11B-4DF5-A8BB-C94C55B9B2F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"3B109BDE-DB3C-4EDE-9ECF-FE03C1E18D9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"8E5F6500-6961-46EA-8607-844A42C4AF8C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"CB7108EA-FD2E-4560-9A8D-CBFCC22F9105"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"C0DC69C7-9582-432B-B09B-920325F7DC28"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"03FB0F15-3052-4414-80FC-C1A28F24A6B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"AB91C603-50C9-4197-BBB4-C2778EC1BD67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"BBC83C87-3B80-4118-8D4C-89BBEB78A41C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"D7AE3A27-E44E-4B92-8F19-96517B2B7F1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"5100A540-B2E9-4DDB-9C8C-CCAE98C1C856"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2310a","matchCriteriaId":"E321A9FE-3C9D-4D63-84C0-C63D97C9E060"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_7920137-7920161-16/hpsbpi03841","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_7920137-7920161-16/hpsbpi03841","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-2609","sourceIdentifier":"security@huntr.dev","published":"2023-05-09T18:15:14.147","lastModified":"2026-06-23T18:17:31.950","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1531","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-02-15T20:23:45.760905Z","id":"CVE-2023-2609","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1531","matchCriteriaId":"46AFDD8D-F54F-4E02-883F-5A99472531C4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/","source":"security@huntr.dev"},{"url":"https://support.apple.com/kb/HT213844","source":"security@huntr.dev"},{"url":"https://support.apple.com/kb/HT213845","source":"security@huntr.dev"},{"url":"https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/kb/HT213844","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/kb/HT213845","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-2610","sourceIdentifier":"security@huntr.dev","published":"2023-05-09T22:15:10.197","lastModified":"2026-06-23T18:17:32.120","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1532","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-01-13T02:16:15.546649Z","id":"CVE-2023-2610","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1532","matchCriteriaId":"2D2C26EC-72A8-44BC-BD3D-B2878B8C3EBA"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d","source":"security@huntr.dev","tags":["Exploit","Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html","source":"security@huntr.dev"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/","source":"security@huntr.dev"},{"url":"https://support.apple.com/kb/HT213844","source":"security@huntr.dev"},{"url":"https://support.apple.com/kb/HT213845","source":"security@huntr.dev"},{"url":"https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20241129-0006/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/kb/HT213844","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/kb/HT213845","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-35175","sourceIdentifier":"hp-security-alert@hp.com","published":"2023-06-30T16:15:09.643","lastModified":"2026-06-25T18:08:51.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP LaserJet Pro","versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-04T16:12:34.961490Z","id":"CVE-2023-35175","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"69B3C918-C877-4935-8AE3-B846FA262192"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C79C6ED8-3F44-4E5E-B4EE-96D1E4EA912F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9B20AC4D-320E-447C-ACA7-8EE4031C9572"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"483A508C-DBB9-49D4-8B01-E38D244C5F43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DCE4E8DC-0834-4015-B054-699AD1DE6E7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"16C207DE-513D-4202-AFA7-CC8EC58027EF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"CD81AB89-31CA-4615-883C-92C45270B859"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5FDF58C-8139-4459-A9D4-F71B8A900351"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"89D82CBD-7EF8-4CB3-B51D-77EB0D6E88C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"21A9019D-074C-43A2-AD2D-EFFF48862547"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6A7D0B6B-CA49-4ED4-8B50-B3FA4732B457"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"D72B68B4-4105-4DAF-B9FD-151680B04F53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"108018F4-5245-47F2-911E-7FEDACAAD83D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AA5C974B-501C-41A5-93E3-461EB87DF1CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"2CB15F43-BF65-400E-97EA-8FF3F17BE13A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"368F419C-2015-4F2D-8319-E824E862F451"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AF605077-AFE5-4A12-B825-96C6AE14C40A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"60EBB6BC-5242-42E8-936B-82A88CED54E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"14DF4CF7-E3A3-4CC6-A6AE-17CB05EFC0DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6D814D23-DCA7-4009-B373-7CBC70B48806"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"BC3C5B44-54F8-46D2-BB7D-0A7ECE5986C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"906C2558-D918-4963-8710-0FEE8EBECCF2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5555617-A379-41EE-A755-2AF476066068"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5DDDE42C-E3F0-4EF8-AE19-814689650E7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9C337DD9-EC65-4E4A-ACD8-EC72D6F0D9A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"48468CDB-44F4-45AB-BAF9-66E8E09B088E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6379C0B4-6D98-4B44-BB2C-FB2EB4A16134"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DB106ED1-512D-464F-A04E-52F4F8CC2566"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"4E8B56BF-42D4-49DC-9955-4B0C5324E9CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C46B4162-54C1-4D3C-8E48-336AE1DE35E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"66FD8474-F76F-40E3-BA4E-C5DFEC1B1D93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5F5D2951-EDE1-422E-9A77-FB059F6DA136"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28D7E106-1F17-4D41-B895-8851DA46C076"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"0B4E8F3E-1E11-4D7B-B101-E26E874C1EAC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"405EAE48-AD27-4C3F-A837-E3D87296C2DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"936F4397-AC8C-4B10-8E33-D0D8334C42D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9E4FC4D5-1339-4331-9BBD-E1C00D9C9C4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28411EED-8BAA-4A7E-9B9F-DB6D9354CD95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-35176","sourceIdentifier":"hp-security-alert@hp.com","published":"2023-06-30T16:15:09.687","lastModified":"2026-06-25T18:06:51.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP LaserJet Pro","versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-04T17:01:20.613808Z","id":"CVE-2023-35176","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"69B3C918-C877-4935-8AE3-B846FA262192"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C79C6ED8-3F44-4E5E-B4EE-96D1E4EA912F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9B20AC4D-320E-447C-ACA7-8EE4031C9572"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"483A508C-DBB9-49D4-8B01-E38D244C5F43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DCE4E8DC-0834-4015-B054-699AD1DE6E7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"16C207DE-513D-4202-AFA7-CC8EC58027EF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"CD81AB89-31CA-4615-883C-92C45270B859"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5FDF58C-8139-4459-A9D4-F71B8A900351"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"89D82CBD-7EF8-4CB3-B51D-77EB0D6E88C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"21A9019D-074C-43A2-AD2D-EFFF48862547"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6A7D0B6B-CA49-4ED4-8B50-B3FA4732B457"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"D72B68B4-4105-4DAF-B9FD-151680B04F53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"108018F4-5245-47F2-911E-7FEDACAAD83D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AA5C974B-501C-41A5-93E3-461EB87DF1CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"2CB15F43-BF65-400E-97EA-8FF3F17BE13A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"368F419C-2015-4F2D-8319-E824E862F451"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AF605077-AFE5-4A12-B825-96C6AE14C40A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"60EBB6BC-5242-42E8-936B-82A88CED54E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"14DF4CF7-E3A3-4CC6-A6AE-17CB05EFC0DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6D814D23-DCA7-4009-B373-7CBC70B48806"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"BC3C5B44-54F8-46D2-BB7D-0A7ECE5986C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"906C2558-D918-4963-8710-0FEE8EBECCF2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5555617-A379-41EE-A755-2AF476066068"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5DDDE42C-E3F0-4EF8-AE19-814689650E7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9C337DD9-EC65-4E4A-ACD8-EC72D6F0D9A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"48468CDB-44F4-45AB-BAF9-66E8E09B088E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6379C0B4-6D98-4B44-BB2C-FB2EB4A16134"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DB106ED1-512D-464F-A04E-52F4F8CC2566"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"4E8B56BF-42D4-49DC-9955-4B0C5324E9CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C46B4162-54C1-4D3C-8E48-336AE1DE35E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"66FD8474-F76F-40E3-BA4E-C5DFEC1B1D93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5F5D2951-EDE1-422E-9A77-FB059F6DA136"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28D7E106-1F17-4D41-B895-8851DA46C076"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"0B4E8F3E-1E11-4D7B-B101-E26E874C1EAC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"405EAE48-AD27-4C3F-A837-E3D87296C2DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"936F4397-AC8C-4B10-8E33-D0D8334C42D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9E4FC4D5-1339-4331-9BBD-E1C00D9C9C4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28411EED-8BAA-4A7E-9B9F-DB6D9354CD95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-35177","sourceIdentifier":"hp-security-alert@hp.com","published":"2023-06-30T16:15:09.737","lastModified":"2026-06-25T18:08:34.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP LaserJet Pro","versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-04T17:03:11.737098Z","id":"CVE-2023-35177","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"69B3C918-C877-4935-8AE3-B846FA262192"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C79C6ED8-3F44-4E5E-B4EE-96D1E4EA912F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9B20AC4D-320E-447C-ACA7-8EE4031C9572"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"483A508C-DBB9-49D4-8B01-E38D244C5F43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DCE4E8DC-0834-4015-B054-699AD1DE6E7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"16C207DE-513D-4202-AFA7-CC8EC58027EF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"CD81AB89-31CA-4615-883C-92C45270B859"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5FDF58C-8139-4459-A9D4-F71B8A900351"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"89D82CBD-7EF8-4CB3-B51D-77EB0D6E88C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"21A9019D-074C-43A2-AD2D-EFFF48862547"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6A7D0B6B-CA49-4ED4-8B50-B3FA4732B457"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"D72B68B4-4105-4DAF-B9FD-151680B04F53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"108018F4-5245-47F2-911E-7FEDACAAD83D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AA5C974B-501C-41A5-93E3-461EB87DF1CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"2CB15F43-BF65-400E-97EA-8FF3F17BE13A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"368F419C-2015-4F2D-8319-E824E862F451"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AF605077-AFE5-4A12-B825-96C6AE14C40A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"60EBB6BC-5242-42E8-936B-82A88CED54E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"14DF4CF7-E3A3-4CC6-A6AE-17CB05EFC0DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6D814D23-DCA7-4009-B373-7CBC70B48806"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"BC3C5B44-54F8-46D2-BB7D-0A7ECE5986C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"906C2558-D918-4963-8710-0FEE8EBECCF2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5555617-A379-41EE-A755-2AF476066068"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5DDDE42C-E3F0-4EF8-AE19-814689650E7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9C337DD9-EC65-4E4A-ACD8-EC72D6F0D9A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"48468CDB-44F4-45AB-BAF9-66E8E09B088E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6379C0B4-6D98-4B44-BB2C-FB2EB4A16134"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DB106ED1-512D-464F-A04E-52F4F8CC2566"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"4E8B56BF-42D4-49DC-9955-4B0C5324E9CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C46B4162-54C1-4D3C-8E48-336AE1DE35E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"66FD8474-F76F-40E3-BA4E-C5DFEC1B1D93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5F5D2951-EDE1-422E-9A77-FB059F6DA136"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28D7E106-1F17-4D41-B895-8851DA46C076"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"0B4E8F3E-1E11-4D7B-B101-E26E874C1EAC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"405EAE48-AD27-4C3F-A837-E3D87296C2DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"936F4397-AC8C-4B10-8E33-D0D8334C42D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9E4FC4D5-1339-4331-9BBD-E1C00D9C9C4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28411EED-8BAA-4A7E-9B9F-DB6D9354CD95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_8651888-8651916-16/hpsbpi03853","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_8651888-8651916-16/hpsbpi03853","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-35178","sourceIdentifier":"hp-security-alert@hp.com","published":"2023-06-30T16:15:09.787","lastModified":"2026-06-25T18:06:35.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP LaserJet Pro","versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-04T17:03:41.388397Z","id":"CVE-2023-35178","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a75a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"69B3C918-C877-4935-8AE3-B846FA262192"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a75a:-:*:*:*:*:*:*:*","matchCriteriaId":"3FBE9436-340F-4428-91CB-4F53764AC184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a76a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C79C6ED8-3F44-4E5E-B4EE-96D1E4EA912F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a76a:-:*:*:*:*:*:*:*","matchCriteriaId":"C84C74A6-597E-4E0A-93AC-94EF3073321E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a77a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9B20AC4D-320E-447C-ACA7-8EE4031C9572"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a77a:-:*:*:*:*:*:*:*","matchCriteriaId":"76B034FA-D338-40CD-917E-7B8177715FCB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a78a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"483A508C-DBB9-49D4-8B01-E38D244C5F43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a78a:-:*:*:*:*:*:*:*","matchCriteriaId":"A103FF3D-FB16-463F-9913-49EEDCDB9348"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a79a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DCE4E8DC-0834-4015-B054-699AD1DE6E7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a79a:-:*:*:*:*:*:*:*","matchCriteriaId":"81B33E5A-E22E-4DCF-9B8E-F0650CBF6309"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a80a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"16C207DE-513D-4202-AFA7-CC8EC58027EF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a80a:-:*:*:*:*:*:*:*","matchCriteriaId":"E611AC6F-F279-427F-8213-1B3A1F0EB63B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a81a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"CD81AB89-31CA-4615-883C-92C45270B859"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a81a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF8D6946-CE0F-45AE-BBA9-5983F860FEDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:w1a82a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5FDF58C-8139-4459-A9D4-F71B8A900351"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:w1a82a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E35167E-1A40-4A62-931B-6AF8F49C2214"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y40a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"89D82CBD-7EF8-4CB3-B51D-77EB0D6E88C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y40a:-:*:*:*:*:*:*:*","matchCriteriaId":"A0B8FCC1-8C4D-4CF4-A544-185FC15CC720"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y41a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"21A9019D-074C-43A2-AD2D-EFFF48862547"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y41a:-:*:*:*:*:*:*:*","matchCriteriaId":"4B3DDD9A-8D86-4FB2-9508-BB8B21EF054B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y43a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6A7D0B6B-CA49-4ED4-8B50-B3FA4732B457"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y43a:-:*:*:*:*:*:*:*","matchCriteriaId":"4A1A6F50-AE27-45E7-98B0-9804D64188D3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y44a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"D72B68B4-4105-4DAF-B9FD-151680B04F53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y44a:-:*:*:*:*:*:*:*","matchCriteriaId":"80727AC4-3B6A-4EB4-93E4-1E73D199F949"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y45a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"108018F4-5245-47F2-911E-7FEDACAAD83D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y45a:-:*:*:*:*:*:*:*","matchCriteriaId":"4135473E-5D1D-4C4F-8FFD-C2AB797C1ECA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AA5C974B-501C-41A5-93E3-461EB87DF1CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y46a:-:*:*:*:*:*:*:*","matchCriteriaId":"AC8133D0-14BF-404C-81D1-EA5BC0FDF0A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m453-m454_w1y47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"2CB15F43-BF65-400E-97EA-8FF3F17BE13A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m453-m454_w1y47a:-:*:*:*:*:*:*:*","matchCriteriaId":"B8B26BEA-03DD-41E0-9356-2043FF471D30"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a46a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"368F419C-2015-4F2D-8319-E824E862F451"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a46a:-:*:*:*:*:*:*:*","matchCriteriaId":"2824878B-A718-4D7D-9016-9AF10399BDBD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a47a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"AF605077-AFE5-4A12-B825-96C6AE14C40A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a47a:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA0AD5B-9E7C-49BE-8190-282427E10EE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a48a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"60EBB6BC-5242-42E8-936B-82A88CED54E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a48a:-:*:*:*:*:*:*:*","matchCriteriaId":"412C00A8-50D7-4638-B1B9-C2076FE13C1F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m304-m305_w1a66a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"14DF4CF7-E3A3-4CC6-A6AE-17CB05EFC0DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m304-m305_w1a66a:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA51BE0-E2AE-441F-9ACA-3EB5A2D243DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_93m22a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6D814D23-DCA7-4009-B373-7CBC70B48806"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_93m22a:-:*:*:*:*:*:*:*","matchCriteriaId":"E7F66723-5A58-4612-97DE-2E82ED85494D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a51a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"BC3C5B44-54F8-46D2-BB7D-0A7ECE5986C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a51a:-:*:*:*:*:*:*:*","matchCriteriaId":"9A6449B5-AAEE-4BDF-A0F0-76A622043C4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a52a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"906C2558-D918-4963-8710-0FEE8EBECCF2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a52a:-:*:*:*:*:*:*:*","matchCriteriaId":"D8BF1464-C84D-4C5E-A7DE-6CBEBB2F54F0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a53a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"E5555617-A379-41EE-A755-2AF476066068"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a53a:-:*:*:*:*:*:*:*","matchCriteriaId":"CE480BFD-5423-46EA-A6F2-45C1143E3183"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a56a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5DDDE42C-E3F0-4EF8-AE19-814689650E7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a56a:-:*:*:*:*:*:*:*","matchCriteriaId":"1EB49BED-289D-4663-B019-985D608337F3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a57a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9C337DD9-EC65-4E4A-ACD8-EC72D6F0D9A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a57a:-:*:*:*:*:*:*:*","matchCriteriaId":"F417CE57-3FAD-4084-BF42-ED65D7E5EDF6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a58a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"48468CDB-44F4-45AB-BAF9-66E8E09B088E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a58a:-:*:*:*:*:*:*:*","matchCriteriaId":"7FE682C6-30C8-42D3-8F67-141DF64E9B0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a59a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"6379C0B4-6D98-4B44-BB2C-FB2EB4A16134"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a59a:-:*:*:*:*:*:*:*","matchCriteriaId":"54844167-292B-42A1-BEEA-CB2F4524B4FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"DB106ED1-512D-464F-A04E-52F4F8CC2566"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a60a:-:*:*:*:*:*:*:*","matchCriteriaId":"1B8E6F09-0BE0-4BB9-9539-86B822B49387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_m404-m405_w1a63a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"4E8B56BF-42D4-49DC-9955-4B0C5324E9CA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_m404-m405_w1a63a:-:*:*:*:*:*:*:*","matchCriteriaId":"926EA9D9-83E0-4AA6-BAAA-31C713475473"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a29a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"C46B4162-54C1-4D3C-8E48-336AE1DE35E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a29a:-:*:*:*:*:*:*:*","matchCriteriaId":"68CA3AEE-A266-42BE-829A-B02A1A9D1711"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a30a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"66FD8474-F76F-40E3-BA4E-C5DFEC1B1D93"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a30a:-:*:*:*:*:*:*:*","matchCriteriaId":"3A21CFFF-B613-49AF-9063-E3B96BFD7207"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a32a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"5F5D2951-EDE1-422E-9A77-FB059F6DA136"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a32a:-:*:*:*:*:*:*:*","matchCriteriaId":"0E476813-B37C-4B81-8C92-E437055444FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a34a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28D7E106-1F17-4D41-B895-8851DA46C076"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a34a:-:*:*:*:*:*:*:*","matchCriteriaId":"57DA0387-AC56-4510-B170-D854E441FCE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a35a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"0B4E8F3E-1E11-4D7B-B101-E26E874C1EAC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a35a:-:*:*:*:*:*:*:*","matchCriteriaId":"7AB52262-C2B3-4B1E-AD48-6EE3DF9E3950"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_f_w1a38a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"405EAE48-AD27-4C3F-A837-E3D87296C2DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_f_w1a38a:-:*:*:*:*:*:*:*","matchCriteriaId":"EEB847F0-D15E-409C-B82E-339FBF07AC7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a28a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"936F4397-AC8C-4B10-8E33-D0D8334C42D9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a28a:-:*:*:*:*:*:*:*","matchCriteriaId":"C00A9FF2-35EA-4B6F-8926-4BC79505A7B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a31a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"9E4FC4D5-1339-4331-9BBD-E1C00D9C9C4F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a31a:-:*:*:*:*:*:*:*","matchCriteriaId":"1D9AFC01-5C53-4F31-9A3C-A891BC9745EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hp:laserjet_pro_mfp_m428-m429_w1a33a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002_2322c","matchCriteriaId":"28411EED-8BAA-4A7E-9B9F-DB6D9354CD95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hp:laserjet_pro_mfp_m428-m429_w1a33a:-:*:*:*:*:*:*:*","matchCriteriaId":"AA0578BA-4277-4A04-ABA2-CB4A6F575B83"}]}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_8651729-8651769-16/hpsbpi03854","source":"hp-security-alert@hp.com","tags":["Vendor Advisory"]},{"url":"https://support.hp.com/us-en/document/ish_8651729-8651769-16/hpsbpi03854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-37306","sourceIdentifier":"cve@mitre.org","published":"2023-06-30T17:15:09.757","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-27T18:37:51.660085Z","id":"CVE-2023-37306","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.172:*:*:*:*:*:*:*","matchCriteriaId":"D7ED0203-8674-4AD6-A3B8-5AA1244BA5B5"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-37307","sourceIdentifier":"cve@mitre.org","published":"2023-06-30T17:15:09.800","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.172","matchCriteriaId":"7238A6CB-ECC6-4791-BDEB-097CB4FC7F5F"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172","source":"cve@mitre.org","tags":["Patch","Product"]},{"url":"https://zigrin.com/advisories/misp-stored-xss/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Product"]},{"url":"https://zigrin.com/advisories/misp-stored-xss/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-3640","sourceIdentifier":"secalert@redhat.com","published":"2023-07-24T16:15:13.063","lastModified":"2026-06-26T11:16:30.057","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:5.14.0-362.8.1.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:5.14.0-362.8.1.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-05T18:36:10.948159Z","id":"CVE-2023-3640","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-385"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:6583","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-3640","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217523","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-3640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2217523","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-38559","sourceIdentifier":"secalert@redhat.com","published":"2023-08-01T17:15:09.890","lastModified":"2026-06-23T18:17:32.427","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs."},{"lang":"es","value":"Se ha encontrado un fallo de desbordamiento de búfer en base/gdevdevn.c:1973 en devn_pcx_write_rle() en ghostscript. Este problema puede permitir a un atacante local provocar una denegación de servicio mediante la salida de un archivo PDF manipulado para un dispositivo DEVN con gs."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ghostscript","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:9.27-11.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ghostscript","cpes":["cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:9.54.0-13.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ghostscript","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ghostscript","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:flatpak/ghostscript","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T16:18:33.107698Z","id":"CVE-2023-38559","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*","versionEndExcluding":"10.02.0","matchCriteriaId":"EBC6F542-8555-4F26-9DE8-79EE02705173"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:6544","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7053","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-38559","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=706897","source":"secalert@redhat.com","tags":["Permissions Required"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224367","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1","source":"secalert@redhat.com","tags":["Mailing List","Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2023:6544","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7053","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-38559","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=706897","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224367","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBV6BTUREXM6DB3OGHGLMWGAZ3I45TXE/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QH7ERAYSSXEYDWWY7LOV7CA5MIDZN3Z6/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-40224","sourceIdentifier":"cve@mitre.org","published":"2023-08-10T20:15:11.010","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MISP 2.4.174 allows XSS in app/View/Events/index.ctp."},{"lang":"es","value":"La versión 2.4.174 de MISP permite un XSS en app/View/Events/index.ctp."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-03T16:54:24.811007Z","id":"CVE-2023-40224","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.174:*:*:*:*:*:*:*","matchCriteriaId":"4FFB92A5-ADC8-48BF-B419-B0BE2E6F72F5"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/0274f8b6332e82317c9529b583d03897adf5883e","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/0274f8b6332e82317c9529b583d03897adf5883e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2023-41098","sourceIdentifier":"cve@mitre.org","published":"2023-08-23T06:15:07.950","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit."},{"lang":"es","value":"Se ha descubierto un problema en MISP v2.4.174. En el fichero \"app/Controller/DashboardsController.php\" existe un problema de Cross-Site Scripting (XSS) reflejado a través del parámetro \"id\" al editar un panel de control. "}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-03T14:01:08.302265Z","id":"CVE-2023-41098","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:2.4.174:*:*:*:*:*:*:*","matchCriteriaId":"4FFB92A5-ADC8-48BF-B419-B0BE2E6F72F5"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/09fb0cba65eab9341e81f1cbebc2ae10be34a2b7","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/09fb0cba65eab9341e81f1cbebc2ae10be34a2b7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2023-4734","sourceIdentifier":"security@huntr.dev","published":"2023-09-02T18:15:17.127","lastModified":"2026-06-23T18:17:36.093","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846."},{"lang":"es","value":"Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim version anterior a 9.0.1846."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1846","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-02-15T20:11:16.062934Z","id":"CVE-2023-4734","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1846","matchCriteriaId":"CD174B25-7E00-4526-BFAB-ABD283C72975"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1","matchCriteriaId":"2BB2BFC1-74A1-4178-8488-69EC5A60B34F"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"security@huntr.dev","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217","source":"security@huntr.dev","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT213984","source":"security@huntr.dev","tags":["Release Notes","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT213984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4735","sourceIdentifier":"security@huntr.dev","published":"2023-09-02T18:15:20.637","lastModified":"2026-06-23T18:17:36.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847."},{"lang":"es","value":"Escritura fuera de límites en el repositorio de GitHub vim/vim en versiones anteriores a la 9.0.1847."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1847","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-01-13T01:55:09.963504Z","id":"CVE-2023-4735","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1847","matchCriteriaId":"C575EAB5-D4CF-4D7A-A401-71646E52859A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:14.1:*:*:*:*:*:*:*","matchCriteriaId":"18600859-82CD-4959-BEAA-D049793F6157"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"security@huntr.dev","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51","source":"security@huntr.dev","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT213984","source":"security@huntr.dev","tags":["Release Notes","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT213984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4736","sourceIdentifier":"security@huntr.dev","published":"2023-09-02T19:15:44.863","lastModified":"2026-06-23T18:17:36.343","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833."},{"lang":"es","value":"Ruta de búsqueda no fiable en el repositorio de GitHub vim/vim anterior a la versión 9.0.1833."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1833","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T16:08:08.279285Z","id":"CVE-2023-4736","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1833","matchCriteriaId":"399AF224-8577-4DA7-BA29-B946D95E35F8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*","matchCriteriaId":"9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"security@huntr.dev","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71","source":"security@huntr.dev","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT213984","source":"security@huntr.dev","tags":["Release Notes","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT213984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4733","sourceIdentifier":"security@huntr.dev","published":"2023-09-04T14:15:07.563","lastModified":"2026-06-23T18:17:35.937","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use After Free in GitHub repository vim/vim prior to 9.0.1840."},{"lang":"es","value":"Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1840."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1840","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-01-02T18:44:07.853945Z","id":"CVE-2023-4733","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1840","matchCriteriaId":"3665420B-1EB9-4491-903B-1822D5FD0E8A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1","matchCriteriaId":"2BB2BFC1-74A1-4178-8488-69EC5A60B34F"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"security@huntr.dev","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217","source":"security@huntr.dev","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/","source":"security@huntr.dev","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/","source":"security@huntr.dev","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/","source":"security@huntr.dev","tags":["Mailing List"]},{"url":"https://support.apple.com/kb/HT213984","source":"security@huntr.dev","tags":["Release Notes","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://support.apple.com/kb/HT213984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4750","sourceIdentifier":"security@huntr.dev","published":"2023-09-04T14:15:08.263","lastModified":"2026-06-23T18:17:36.463","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use After Free in GitHub repository vim/vim prior to 9.0.1857."},{"lang":"es","value":"Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1857."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1857","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-01-28T20:55:47.861901Z","id":"CVE-2023-4750","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1857","matchCriteriaId":"ED821385-90E6-453E-8835-0084B386F287"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1","matchCriteriaId":"2BB2BFC1-74A1-4178-8488-69EC5A60B34F"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"security@huntr.dev","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea","source":"security@huntr.dev","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/","source":"security@huntr.dev","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/","source":"security@huntr.dev","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/","source":"security@huntr.dev","tags":["Mailing List"]},{"url":"https://support.apple.com/kb/HT213984","source":"security@huntr.dev","tags":["Release Notes","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://support.apple.com/kb/HT213984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4781","sourceIdentifier":"security@huntr.dev","published":"2023-09-05T19:15:49.207","lastModified":"2026-06-23T18:17:36.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873."},{"lang":"es","value":"Desbordamiento de búfer basado en el heap en el repositorio de GitHub vim/vim anterior a la versión 9.0.1873. "}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"vim","product":"vim/vim","versions":[{"version":"unspecified","lessThan":"9.0.1873","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T19:18:08.260782Z","id":"CVE-2023-4781","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.1873","matchCriteriaId":"804D6AB3-048C-483C-B38A-48A8A9104D3A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1","matchCriteriaId":"2BB2BFC1-74A1-4178-8488-69EC5A60B34F"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"security@huntr.dev","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883","source":"security@huntr.dev","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html","source":"security@huntr.dev","tags":["Mailing List","Third Party Advisory"]},{"url":"https://support.apple.com/kb/HT213984","source":"security@huntr.dev","tags":["Release Notes","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/kb/HT213984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-4039","sourceIdentifier":"arm-security@arm.com","published":"2023-09-13T09:15:15.690","lastModified":"2026-06-23T18:17:35.723","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"arm-security@arm.com","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself."},{"lang":"es","value":"Una falla en la función -fstack-protector en cadenas de herramientas basadas en GCC que apuntan a AArch64 permite a un atacante explotar un Desbordamiento de Búfer existente en variables locales de tamaño dinámico en su aplicación sin que esto sea detectado. Esta falla del protector de pila solo se aplica a variables locales de tamaño dinámico estilo C99 o aquellas creadas usando alloca(). El protector de pila funciona según lo previsto para variables locales de tamaño estático. El comportamiento predeterminado cuando el protector de pila detecta un desbordamiento es finalizar su aplicación, lo que resulta en una pérdida controlada de disponibilidad. Un atacante que pueda aprovechar un Desbordamiento del Búfer sin activar el protector de pila podría cambiar el control de flujo del programa para provocar una pérdida incontrolada de disponibilidad o ir más allá y afectar la confidencialidad o la integridad."}],"affected":[{"source":"arm-security@arm.com","affectedData":[{"vendor":"Arm Ltd","product":"Arm GNU Toolchain","defaultStatus":"affected","versions":[{"version":"All versions where option -fstack-protector is used","status":"affected"}]},{"vendor":"GNU","product":"GCC","defaultStatus":"unaffected","versions":[{"version":"All versions of GCC that target AArch64 when option -fstack-protector is used","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"arm-security@arm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T16:04:55.934999Z","id":"CVE-2023-4039","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"arm-security@arm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:arm64:*","versionEndExcluding":"2023-09-12","matchCriteriaId":"C8373A25-594D-4F3F-981B-0D02056992FC"}]}]}],"references":[{"url":"https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64","source":"arm-security@arm.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf","source":"arm-security@arm.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-32611","sourceIdentifier":"secalert@redhat.com","published":"2023-09-14T20:15:09.550","lastModified":"2026-06-23T18:17:32.257","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service."},{"lang":"es","value":"Se encontró una falla en GLib. La deserialización de GVariant es vulnerable a un problema de desaceleración en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegación de servicio."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"glib2","defaultStatus":"affected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glib2","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Fedora","product":"Extra Packages for Enterprise Linux","defaultStatus":"affected","collectionURL":"https://packages.fedoraproject.org/","packageName":"glib"},{"vendor":"Fedora","product":"Fedora 38","defaultStatus":"affected","collectionURL":"https://packages.fedoraproject.org/","packageName":"mingw-glib2"},{"vendor":"Fedora","product":"Fedora 37","defaultStatus":"affected","collectionURL":"https://packages.fedoraproject.org/","packageName":"mingw-glib2"},{"vendor":"Fedora","product":"Fedora 37","defaultStatus":"affected","collectionURL":"https://packages.fedoraproject.org/","packageName":"glib2"},{"vendor":"Fedora","product":"Fedora 38","defaultStatus":"affected","collectionURL":"https://packages.fedoraproject.org/","packageName":"glib2"}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T16:04:34.660174Z","id":"CVE-2023-32611","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*","versionEndExcluding":"2.74.2","matchCriteriaId":"75A30FA8-F2FB-4637-9EBB-5F2F8D057180"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-32611","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2211829","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2797","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html","source":"secalert@redhat.com"},{"url":"https://security.gentoo.org/glsa/202311-18","source":"secalert@redhat.com"},{"url":"https://security.netapp.com/advisory/ntap-20231027-0005/","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-32611","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2211829","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2797","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202311-18","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20231027-0005/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-0833","sourceIdentifier":"secalert@redhat.com","published":"2023-09-27T15:16:03.257","lastModified":"2026-06-23T18:17:31.770","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions."},{"lang":"es","value":"Se encontró una falla en AMQ-Streams de Red Hat, que incluye una versión del componente OKHttp con una falla de divulgación de información a través de una excepción activada por un encabezado que contiene un valor ilegal. Este problema podría permitir que un atacante autenticado acceda a información fuera de sus permisos habituales."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"collectionURL":"https://github.com/square/okhttp","packageName":"okhttp","versions":[{"version":"4.9.2","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AMQ Streams 2.2.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"okhttp","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"Red Hat AMQ Streams 2.4.0","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:amq_streams:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-05-10T21:17:41.210887Z","id":"CVE-2023-0833","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*","versionEndExcluding":"4.9.2","matchCriteriaId":"BEEBF288-A5A0-49DE-9291-249B9C805B35"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*","versionEndExcluding":"2.2.1","matchCriteriaId":"29CDE024-A350-47DA-B96E-BA06F88551C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.4.0","matchCriteriaId":"FD874C55-C1CA-48D2-AF4F-3F30C17EC05A"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:1241","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3223","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-0833","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169845","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/square/okhttp/issues/6738","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3223","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-0833","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169845","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/square/okhttp/issues/6738","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-3576","sourceIdentifier":"secalert@redhat.com","published":"2023-10-04T19:15:10.340","lastModified":"2026-06-23T18:17:32.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service."},{"lang":"es","value":"Se encontró una falla de pérdida de memoria en la utilidad tiffcrop de Libatiff. Este problema se produce cuando tiffcrop opera en un archivo de imagen TIFF, lo que permite a un atacante pasar un archivo de imagen TIFF manipulado a la utilidad tiffcrop, lo que provoca este problema de pérdida de memoria, un bloqueo de la aplicación y, finalmente, una denegación de servicio."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtiff","cpes":["cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:4.4.0-10.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtiff","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compat-libtiff3","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtiff","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compat-libtiff3","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtiff","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mingw-libtiff","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compat-libtiff3","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:59:14.505716Z","id":"CVE-2023-3576","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.1","matchCriteriaId":"4133F7CE-3597-4F03-B3E4-3EA0BB5ADE64"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*","matchCriteriaId":"D3FEADDA-2AEE-4F65-9401-971B585664A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:6575","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-3576","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219340","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:6575","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-3576","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219340","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-5367","sourceIdentifier":"secalert@redhat.com","published":"2023-10-25T20:15:18.323","lastModified":"2026-06-23T18:17:36.720","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service."},{"lang":"es","value":"Se encontró una falla de escritura fuera de los límites en el servidor xorg-x11. Este problema ocurre debido a un cálculo incorrecto de un desplazamiento del búfer al copiar datos almacenados en el montón en la función XIChangeDeviceProperty en Xi/xiproperty.c y en la función RRChangeOutputProperty en randr/rrproperty.c, lo que permite una posible escalada de privilegios o Denegación de Servicio (DoS). ."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:rhel_els:6"],"versions":[{"version":"0:1.1.0-25.el6_10.13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::computenode","cpe:/o:redhat:enterprise_linux:7::workstation","cpe:/o:redhat:enterprise_linux:7::server"],"versions":[{"version":"0:1.20.4-24.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::computenode","cpe:/o:redhat:enterprise_linux:7::workstation","cpe:/o:redhat:enterprise_linux:7::server"],"versions":[{"version":"0:1.8.0-26.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.13.1-2.el8_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.20.11-22.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:21.1.3-15.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.1::appstream"],"versions":[{"version":"0:1.9.0-16.el8_1.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream","cpe:/a:redhat:rhel_e4s:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream","cpe:/a:redhat:rhel_e4s:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream","cpe:/a:redhat:rhel_e4s:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:8.6::appstream"],"versions":[{"version":"0:1.12.0-6.el8_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"0:1.12.0-15.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.13.1-3.el9_3.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.20.11-24.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:22.1.9-5.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream"],"versions":[{"version":"0:1.11.0-22.el9_0.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"0:1.12.0-14.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2023-12-01T17:28:48.416346Z","id":"CVE-2023-5367","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.9","matchCriteriaId":"B4D6FB0F-4CC4-4BFD-95A5-F98390B90BAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2.2","matchCriteriaId":"113473EA-6098-4731-A8A0-4A7F4C5E5896"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"2148300C-ECBD-4ED5-A164-79629859DD43"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*","matchCriteriaId":"8BCF87FD-9358-42A5-9917-25DF0180A5A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"7A584AAA-A14F-4C64-8FED-675DC36F69A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*","matchCriteriaId":"37CE1DC7-72C5-483C-8921-0B462C8284D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:6802","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:6808","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7373","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7388","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7405","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7428","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7436","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7526","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7533","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0010","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0128","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2170","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2996","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:12751","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5367","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243091","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:6802","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:6808","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7373","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7388","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7405","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7428","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7436","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7526","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7533","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0010","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0128","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2170","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2996","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5367","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243091","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202401-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20231130-0004/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2023/dsa-5534","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-5380","sourceIdentifier":"secalert@redhat.com","published":"2023-10-25T20:15:18.503","lastModified":"2026-06-23T18:17:37.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed."},{"lang":"es","value":"Se encontró una falla de use-after-free en el servidor xorg-x11. Puede ocurrir una falla del servidor X en una configuración muy específica y heredada (una configuración de múltiples pantallas con múltiples pantallas de protocolo, también conocida como modo Zaphod) si el puntero se deforma desde dentro de una ventana en una pantalla a la ventana raíz de la otra pantalla y si la ventana original se destruye y luego se destruye otra ventana."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::computenode","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:1.8.0-26.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.20.11-22.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.13.1-8.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:9::crb","cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.20.11-24.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.13.1-8.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2023-12-01T20:12:08.242193Z","id":"CVE-2023-5380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.9","matchCriteriaId":"B4D6FB0F-4CC4-4BFD-95A5-F98390B90BAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2.2","matchCriteriaId":"113473EA-6098-4731-A8A0-4A7F4C5E5896"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:7428","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2298","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:3067","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5380","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244736","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7428","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2298","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:3067","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5380","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244736","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202401-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20231130-0004/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2023/dsa-5534","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-5574","sourceIdentifier":"secalert@redhat.com","published":"2023-10-25T20:15:18.717","lastModified":"2026-06-23T18:17:37.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service."},{"lang":"es","value":"Se encontró una falla de use-after-free en xorg-x11-server-Xvfb. Este problema ocurre en Xvfb con una configuración heredada muy específica (una configuración de pantalla múltiple con múltiples pantallas de protocolo, también conocida como modo Zaphod). Si el puntero se deforma de una pantalla 1 a una pantalla 0, se puede desencadenar un problema de use-after-free durante el apagado o reinicio del servidor Xvfb, lo que permite una posible escalada de privilegios o denegación de servicio."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.13.1-8.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:51:10.403013Z","id":"CVE-2023-5574","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13.0","matchCriteriaId":"A5171DF4-AEE7-4CD5-B3A0-BDF824BDEBAF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:2298","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5574","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244735","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:2298","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244735","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231130-0004/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-46233","sourceIdentifier":"security-advisories@github.com","published":"2023-10-25T21:15:10.307","lastModified":"2026-06-23T18:17:34.057","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations."},{"lang":"es","value":"crypto-js es una librería JavaScript de estándares criptográficos. Antes de la versión 4.2.0, crypto-js PBKDF2 era 1000 veces más débil de lo especificado originalmente en 1993 y al menos 1.300.000 veces más débil que el estándar actual de la industria. Esto se debe a que su valor predeterminado es SHA1, un algoritmo hash criptográfico considerado inseguro desde al menos 2005, y su valor predeterminado es una única iteración, un valor de \"fuerza\" o \"dificultad\" especificado en 1000 cuando se especificó en 1993. PBKDF2 se basa en el recuento de iteraciones como una contramedida a los ataques de preimagen y colisión. Si se utiliza para proteger contraseñas, el impacto es alto. Si se utiliza para generar firmas, el impacto es alto. La versión 4.2.0 contiene un parche para este problema. Como workaround, configure crypto-js para usar SHA256 con al menos 250 000 iteraciones."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"brix","product":"crypto-js","versions":[{"version":"< 4.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:51:03.332284Z","id":"CVE-2023-46233","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-328"},{"lang":"en","value":"CWE-916"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:crypto-js_project:crypto-js:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.0","matchCriteriaId":"B50D5D27-E8C7-40A3-9B23-C320A41DBB25"}]}]}],"references":[{"url":"https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html","source":"security-advisories@github.com"},{"url":"https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-46246","sourceIdentifier":"security-advisories@github.com","published":"2023-10-27T19:15:41.417","lastModified":"2026-06-23T18:17:34.203","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068."},{"lang":"es","value":"Vim es una versión mejorada del antiguo editor de UNIX Vi. Heap-use-after-free en la memoria asignada en la función `ga_grow_inner` en el archivo `src/alloc.c` en la línea 748, que se libera en el archivo `src/ex_docmd.c` en la función `do_cmdline` en la línea 1010 y luego se usa nuevamente en `src/cmdhist.c` en la línea 759. Cuando se usa el comando `:history`, es posible que el argumento proporcionado desborde el valor aceptado. Provocando un desbordamiento de enteros y potencialmente más tarde un use-after-free. Esta vulnerabilidad ha sido parcheada en la versión 9.0.2068."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"<= 9.0.2067","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2023-12-14T19:44:23.601809Z","id":"CVE-2023-46246","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2068","matchCriteriaId":"C9577B78-DCA1-4A14-897A-6AB4B07A0D35"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/","source":"security-advisories@github.com"},{"url":"https://security.netapp.com/advisory/ntap-20231208-0006/","source":"security-advisories@github.com"},{"url":"https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20231208-0006/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-46850","sourceIdentifier":"security@openvpn.net","published":"2023-11-11T01:15:07.357","lastModified":"2026-06-23T22:16:30.373","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."},{"lang":"es","value":"Use after free en OpenVPN versión 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, pérdida de búferes de memoria o ejecución remota al enviar búferes de red a un par remoto."}],"affected":[{"source":"security@openvpn.net","affectedData":[{"vendor":"OpenVPN","product":"OpenVPN 2 (Community)","defaultStatus":"unaffected","versions":[{"version":"2.6.0","lessThanOrEqual":"2.6.6","versionType":"minor release","status":"affected"}]},{"vendor":"OpenVPN","product":"Access Server","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"2.11.0","lessThanOrEqual":"2.11.3","versionType":"patch release","status":"affected"},{"version":"2.12.0","lessThanOrEqual":"2.12.2","versionType":"patch release","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-15T14:59:47.646924Z","id":"CVE-2023-46850","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@openvpn.net","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*","versionStartIncluding":"2.6.0","versionEndIncluding":"2.6.6","matchCriteriaId":"3A398A7A-395F-4CA8-9D72-1DDD337D5074"},{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.11.0","versionEndIncluding":"2.11.3","matchCriteriaId":"54464223-5988-40E7-B94B-D7B8DE999704"},{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.12.0","versionEndExcluding":"2.12.2","matchCriteriaId":"2B8D0B4E-A0BF-4A33-9031-987D8BD45F65"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"https://community.openvpn.net/openvpn/wiki/CVE-2023-46850","source":"security@openvpn.net","tags":["Vendor Advisory"]},{"url":"https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/","source":"security@openvpn.net","tags":["Vendor Advisory"]},{"url":"https://community.openvpn.net/openvpn/wiki/CVE-2023-46850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5555","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48231","sourceIdentifier":"security-advisories@github.com","published":"2023-11-16T23:15:08.607","lastModified":"2026-06-23T18:17:34.357","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Vim es un editor de texto de línea de comandos de código abierto. Al cerrar una ventana, vim puede intentar acceder a la estructura de la ventana ya liberada. No se ha demostrado que la explotación más allá de bloquear la aplicación sea viable. Este problema se solucionó en el commit `25aabc2b` que se incluyó en la versión 9.0.2106. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2106","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:34:03.396306Z","id":"CVE-2023-48231","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2106","matchCriteriaId":"9B4A1D40-D41B-4314-BC8F-759752BB925E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0008/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0008/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48232","sourceIdentifier":"security-advisories@github.com","published":"2023-11-16T23:15:08.793","lastModified":"2026-06-23T18:17:34.520","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Vim es un editor de texto de línea de comandos de código abierto. Puede ocurrir una excepción de punto flotante al calcular el desplazamiento de línea para líneas demasiado largas y el desplazamiento suave está habilitado y la configuración de cpo incluye el indicador 'n'. Esto puede suceder cuando hay un borde de ventana presente y cuando la línea ajustada continúa en la siguiente línea física directamente en el borde de la ventana porque la configuración 'cpo' incluye la bandera 'n'. Sólo los usuarios con configuraciones no predeterminadas se ven afectados y la excepción sólo debería provocar un bloqueo. Este problema se solucionó en el commit `cb0b99f0` que se incluyó en la versión 9.0.2107. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2107","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:34:09.661287Z","id":"CVE-2023-48232","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2107","matchCriteriaId":"386DCEA7-3DFA-472B-9131-2587EE61DD9C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0006/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0006/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48233","sourceIdentifier":"security-advisories@github.com","published":"2023-11-16T23:15:08.997","lastModified":"2026-06-23T18:17:34.663","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Vim es un editor de texto de línea de comandos de código abierto. Si el recuento después del comando :s es mayor que lo que cabe en una variable larga (firmada), cancele con e_value_too_large. El impacto es bajo, se requiere la interacción del usuario y es posible que ni siquiera ocurra una falla en todas las situaciones. Este problema se solucionó en el commit `ac6378773` que se incluyó en la versión 9.0.2108. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2108","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":2.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:34:15.815984Z","id":"CVE-2023-48233","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2108","matchCriteriaId":"4CDC8B40-F9C3-4A3A-BC16-A13027428530"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0003/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48234","sourceIdentifier":"security-advisories@github.com","published":"2023-11-16T23:15:09.200","lastModified":"2026-06-23T18:17:34.790","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Vim es un editor de texto de línea de comandos de código abierto. Al obtener el recuento para un comando z en modo normal, es posible que se desborde si se dan recuentos grandes. El impacto es bajo, se requiere la interacción del usuario y es posible que ni siquiera ocurra una falla en todas las situaciones. Este problema se solucionó en el commit `58f9befca1` que se incluyó en la versión 9.0.2109. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2109","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":2.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:34:22.816587Z","id":"CVE-2023-48234","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2109","matchCriteriaId":"BE128471-9EE5-48E3-A9C3-B261E1F24DE9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0004/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48235","sourceIdentifier":"security-advisories@github.com","published":"2023-11-16T23:15:09.380","lastModified":"2026-06-23T18:17:34.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an\noverflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Vim es un editor de texto de línea de comandos de código abierto. Al analizar direcciones ex relativas, se puede provocar involuntariamente un desbordamiento. Irónicamente, esto sucede en la verificación de desbordamiento existente, porque el número de línea se vuelve negativo y LONG_MAX - lnum provocará el desbordamiento. El impacto es bajo, se requiere la interacción del usuario y es posible que ni siquiera ocurra una falla en todas las situaciones. Este problema se solucionó en el commit `060623e` que se incluyó en la versión 9.0.2110. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2110","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":2.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:34:29.143863Z","id":"CVE-2023-48235","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2110","matchCriteriaId":"A4F2647C-18D4-4911-B200-F15ED39E3889"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0007/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0007/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48236","sourceIdentifier":"security-advisories@github.com","published":"2023-11-16T23:15:09.567","lastModified":"2026-06-23T18:17:35.053","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger\nthan MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Vim es un editor de texto de línea de comandos de código abierto. Al utilizar el comando z=, el usuario puede desbordar el recuento con valores mayores que MAX_INT. El impacto es bajo, se requiere la interacción del usuario y es posible que ni siquiera ocurra una falla en todas las situaciones. Esta vulnerabilidad se solucionó en el commit `73b2d379` que se incluyó en la versión 9.0.2111. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2111","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":2.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:34:34.356212Z","id":"CVE-2023-48236","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2111","matchCriteriaId":"BE20F802-64E3-4126-948E-599241BD7066"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0002/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48237","sourceIdentifier":"security-advisories@github.com","published":"2023-11-16T23:15:09.753","lastModified":"2026-06-23T18:17:35.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Vim es un editor de texto de línea de comandos de código abierto. En las versiones afectadas, al cambiar líneas en el modo pendiente del operador y utilizar un valor muy grande, es posible que se desborde el tamaño del número entero. El impacto es bajo, se requiere la interacción del usuario y es posible que ni siquiera ocurra una falla en todas las situaciones. Este problema se solucionó en el commit `6bf131888` que se incluyó en la versión 9.0.2112. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2112","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":2.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:34:40.199293Z","id":"CVE-2023-48237","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2112","matchCriteriaId":"27A19500-10B4-49A3-9FBC-4657C8570A71"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"security-advisories@github.com","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0005/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20231227-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-48655","sourceIdentifier":"cve@mitre.org","published":"2023-11-17T05:15:12.640","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters."},{"lang":"es","value":"Se descubrió un problema en MISP antes de la versión 2.4.176. app/Controller/Component/IndexFilterComponent.php no filtra correctamente los parámetros de consulta."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-15T17:36:18.793964Z","id":"CVE-2023-48655","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.176","matchCriteriaId":"8562F5F8-EA33-4AD5-A663-083D54E24682"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-48656","sourceIdentifier":"cve@mitre.org","published":"2023-11-17T05:15:12.690","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses."},{"lang":"es","value":"Se descubrió un problema en MISP antes de la versión 2.4.176. app/Model/AppModel.php maneja mal las cláusulas de pedido."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-26T20:16:12.412008Z","id":"CVE-2023-48656","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.176","matchCriteriaId":"8562F5F8-EA33-4AD5-A663-083D54E24682"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-48657","sourceIdentifier":"cve@mitre.org","published":"2023-11-17T05:15:12.740","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters."},{"lang":"es","value":"Se descubrió un problema en MISP antes de la versión 2.4.176. app/Model/AppModel.php maneja mal los filtros."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.176","matchCriteriaId":"8562F5F8-EA33-4AD5-A663-083D54E24682"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes"]},{"url":"https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes"]},{"url":"https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-48658","sourceIdentifier":"cve@mitre.org","published":"2023-11-17T05:15:12.793","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space."},{"lang":"es","value":"Se descubrió un problema en MISP antes de la versión 2.4.176. app/Model/AppModel.php carece de una función checkParam para caracteres alfanuméricos, guiones bajos, guiones, puntos y espacios."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.176","matchCriteriaId":"8562F5F8-EA33-4AD5-A663-083D54E24682"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes"]},{"url":"https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes"]},{"url":"https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-48659","sourceIdentifier":"cve@mitre.org","published":"2023-11-17T05:15:12.847","lastModified":"2026-06-23T13:42:00.707","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing."},{"lang":"es","value":"Se descubrió un problema en MISP antes de la versión 2.4.176. app/Controller/AppController.php maneja mal el análisis de parámetros."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.176","matchCriteriaId":"8562F5F8-EA33-4AD5-A663-083D54E24682"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes"]},{"url":"https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/","source":"cve@mitre.org"},{"url":"https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes"]},{"url":"https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-48706","sourceIdentifier":"security-advisories@github.com","published":"2023-11-22T22:15:08.673","lastModified":"2026-06-23T18:17:35.307","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue."},{"lang":"es","value":"Vim es un editor UNIX que, antes de la versión 9.0.2121, tiene una vulnerabilidad de heap-use-after-free. Al ejecutar un comando `:s` por primera vez y utilizar un átomo subreemplazante especial dentro de la parte de sustitución, es posible que la llamada recursiva `:s` provoque la liberación de memoria a la que luego se podrá acceder por el comando inicial `:s`. El usuario debe ejecutar intencionalmente el payload y todo el proceso es un poco complicado de realizar ya que parece funcionar solo de manera confiable para el primer comando :s. También puede provocar un bloqueo de Vim. La versión 9.0.2121 contiene una solución para este problema."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.0.2121","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L","baseScore":3.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2023-12-07T16:10:22.120197Z","id":"CVE-2023-48706","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.2121","matchCriteriaId":"F978DA02-FB07-40A0-BD9E-CAC3945B4E2D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/11/22/3","source":"security-advisories@github.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf","source":"security-advisories@github.com","tags":["Exploit"]},{"url":"https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/pull/13552","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/","source":"security-advisories@github.com"},{"url":"https://security.netapp.com/advisory/ntap-20240105-0001/","source":"security-advisories@github.com"},{"url":"http://www.openwall.com/lists/oss-security/2023/11/22/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/vim/vim/pull/13552","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVA7K73WHQH4KVFDJQ7ELIUD2WK5ZT5E/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20240105-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-49082","sourceIdentifier":"security-advisories@github.com","published":"2023-11-29T20:15:08.180","lastModified":"2026-06-23T18:17:35.603","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0."},{"lang":"es","value":"aiohttp es un framework cliente/servidor HTTP asíncrono para asyncio y Python. Una validación inadecuada hace posible que un atacante modifique la solicitud HTTP (por ejemplo, inserte un nuevo encabezado) o incluso cree una nueva solicitud HTTP si el atacante controla el método HTTP. La vulnerabilidad ocurre sólo si el atacante puede controlar el método HTTP (GET, POST, etc.) de la solicitud. Si el atacante puede controlar la versión HTTP de la solicitud, podrá modificar la solicitud (contrabando de solicitudes). Este problema se solucionó en la versión 3.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-03T15:13:31.031343Z","id":"CVE-2023-49082","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.9.0","matchCriteriaId":"B601D31B-56AB-4C39-8CC0-12CFA373E53A"}]}]}],"references":[{"url":"https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466","source":"security-advisories@github.com"},{"url":"https://github.com/aio-libs/aiohttp/pull/7806/files","source":"security-advisories@github.com"},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/aio-libs/aiohttp/pull/7806/files","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-49081","sourceIdentifier":"security-advisories@github.com","published":"2023-11-30T07:15:08.723","lastModified":"2026-06-23T18:17:35.460","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0."},{"lang":"es","value":"aiohttp es un framework cliente/servidor HTTP asíncrono para asyncio y Python. Una validación incorrecta hizo posible que un atacante modificara la solicitud HTTP (por ejemplo, para insertar un nuevo encabezado) o creara una nueva solicitud HTTP si el atacante controla la versión HTTP. La vulnerabilidad sólo ocurre si el atacante puede controlar la versión HTTP de la solicitud. Este problema se solucionó en la versión 3.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2023-11-30T14:30:34.491239Z","id":"CVE-2023-49081","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.9.0","matchCriteriaId":"B601D31B-56AB-4C39-8CC0-12CFA373E53A"}]}]}],"references":[{"url":"https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b","source":"security-advisories@github.com"},{"url":"https://github.com/aio-libs/aiohttp/pull/7835/files","source":"security-advisories@github.com"},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/aio-libs/aiohttp/pull/7835/files","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-49926","sourceIdentifier":"cve@mitre.org","published":"2023-12-03T03:15:07.593","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget."},{"lang":"es","value":"app/Lib/Tools/EventTimelineTool.php en MISP anterior a 2.4.179 permite XSS en el widget de línea de tiempo de eventos."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.179","matchCriteriaId":"CBE1A7C0-7AF0-4D3A-909B-0A4D1523F166"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/dc73287ee2000476e3a5800ded402825ca10f7e8","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.178...v2.4.179","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/dc73287ee2000476e3a5800ded402825ca10f7e8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.178...v2.4.179","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2023-5868","sourceIdentifier":"secalert@redhat.com","published":"2023-12-10T18:15:07.163","lastModified":"2026-06-23T18:17:37.457","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."},{"lang":"es","value":"Se encontró una vulnerabilidad de divulgación de memoria en PostgreSQL que permite a usuarios remotos acceder a información confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \"desconocido\". El manejo de valores de tipo \"desconocido\" de cadenas literales sin designación de tipo puede revelar bytes, lo que potencialmente revela información importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-central-db-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.2::el8"],"versions":[{"version":"4.2.4-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.2::el8"],"versions":[{"version":"4.2.4-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-operator-bundle","cpes":["cpe:/a:redhat:advanced_cluster_security:4.2::el8"],"versions":[{"version":"4.2.4-7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-db-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.2::el8"],"versions":[{"version":"4.2.4-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-db-slim-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.2::el8"],"versions":[{"version":"4.2.4-7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:13","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"8090020231114113712.a75119d5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"8090020231128173330.a75119d5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:15","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"8090020231114113548.a75119d5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_tus:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_e4s:8.2::appstream"],"versions":[{"version":"8020020231128165246.4cda2c84","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_tus:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_e4s:8.2::appstream"],"versions":[{"version":"8020020231128165246.4cda2c84","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_tus:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_e4s:8.2::appstream"],"versions":[{"version":"8020020231128165246.4cda2c84","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020231127153301.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:13","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020231127154806.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020231127153301.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:13","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020231127154806.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020231127153301.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:13","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020231127154806.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:13","cpes":["cpe:/a:redhat:rhel_eus:8.6::appstream"],"versions":[{"version":"8060020231114115246.ad008a3a","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_eus:8.6::appstream"],"versions":[{"version":"8060020231128165328.ad008a3a","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:13","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"8080020231114105206.63b34585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:12","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"8080020231128165335.63b34585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:15","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"8080020231113134015.63b34585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:13.13-1.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:15","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"9030020231120082734.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream","cpe:/a:redhat:rhel_eus:9.0::crb"],"versions":[{"version":"0:13.13-1.el9_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql","cpes":["cpe:/a:redhat:rhel_eus:9.2::crb","cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"0:13.13-1.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:15","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"9020020231115020618.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Software Collections for Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-postgresql12-postgresql","cpes":["cpe:/a:redhat:rhel_software_collections:3::el7"],"versions":[{"version":"0:12.17-1.el7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Software Collections for Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-postgresql13-postgresql","cpes":["cpe:/a:redhat:rhel_software_collections:3::el7"],"versions":[{"version":"0:13.13-1.el7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-3.74-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-central-db-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:3.74::el8"],"versions":[{"version":"3.74.8-9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-3.74-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:3.74::el8"],"versions":[{"version":"3.74.8-9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-3.74-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-operator-bundle","cpes":["cpe:/a:redhat:advanced_cluster_security:3.74::el8"],"versions":[{"version":"3.74.8-7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-3.74-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-db-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:3.74::el8"],"versions":[{"version":"3.74.8-9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-3.74-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-db-slim-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:3.74::el8"],"versions":[{"version":"3.74.8-9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-4.1-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-central-db-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.1::el8"],"versions":[{"version":"4.1.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-4.1-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.1::el8"],"versions":[{"version":"4.1.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-4.1-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-operator-bundle","cpes":["cpe:/a:redhat:advanced_cluster_security:4.1::el8"],"versions":[{"version":"4.1.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-4.1-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-db-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.1::el8"],"versions":[{"version":"4.1.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHACS-4.1-RHEL-8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-db-slim-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.1::el8"],"versions":[{"version":"4.1.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:10/postgresql","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:16/postgresql","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"postgresql:16/postgresql","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Software Collections","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-postgresql10-postgresql","cpes":["cpe:/a:redhat:rhel_software_collections:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-15T14:58:12.146891Z","id":"CVE-2023-5868","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-686"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.22","matchCriteriaId":"1D407A29-CAB0-425B-87B6-F2487FAE6B71"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.17","matchCriteriaId":"13B24306-F52A-47E4-A7E4-EA7E46F850EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.13","matchCriteriaId":"AA77ED73-60C6-4666-9355-7C28CD774001"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.10","matchCriteriaId":"7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.5","matchCriteriaId":"E8883865-D864-497D-B39C-90D3ACC6A932"},{"vulnerable":true,"criteria":"cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*","matchCriteriaId":"654E69F1-844B-4E32-9C3D-FA8032FB3A61"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"936B046D-ADEB-4701-8957-AC28CFA9C5C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"56CE19E2-F92D-4C36-9319-E6CD4766D0D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"056DABF5-0C1D-4EBA-B02B-443BACB20D6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"02F08DBD-4BD0-408D-B817-04B2EB82137E"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"CDE46FD5-B415-49B7-BF2D-E76D068C3920"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"09AAD850-019A-46B8-A5A1-845DE048D30A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"A4E39B04-D3E5-4106-8A8F-0C496FF9997F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*","matchCriteriaId":"86034E5B-BCDD-4AFD-A460-38E790F608F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"7F6967B4-C62B-4252-B5C3-50532B9EA3FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"C2ED1251-245C-4390-8964-DDCAD54A8957"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","matchCriteriaId":"9D7EE4B6-A6EC-4B9B-91DF-79615796673F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"6C3741B8-851F-475D-B428-523F4F722350"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*","matchCriteriaId":"62C31522-0A17-4025-B269-855C7F4B45C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*","matchCriteriaId":"4DDA3E5A-8754-4C48-9A27-E2415F8A6000"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"3C74F6FA-FA6C-4648-9079-91446E45EE47"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*","matchCriteriaId":"3F797F2E-00E6-4D03-A94E-524227529A0A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"F7F8A347-0ACE-40E4-BF7B-656D66DDB425"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"32AF225E-94C0-4D07-900C-DD868C05F554"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*","matchCriteriaId":"B758EDC9-6421-422C-899E-A273D2936D8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*","matchCriteriaId":"22C65F53-D624-48A9-A9B7-4C78A31E19F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"0CC06C2A-64A5-4302-B754-A4DC0E12FE7C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*","matchCriteriaId":"26041661-0280-4544-AA0A-BC28FCED4699"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"23D471AC-7DCA-4425-AD91-E5D928753A8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"D9C30C59-07F7-4CCE-B057-052ECCD36DB8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"F91F9255-4EE1-43C7-8831-D2B6C228BFD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"62D3FD78-5B63-4A1B-B4EE-9B098844691E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"99952557-C766-4B9E-8BF5-DBBA194349FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"6897676D-53F9-45B3-B27F-7FF9A4C58D33"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"E28F226A-CBC7-4A32-BE58-398FA5B42481"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"76C24D94-834A-4E9D-8F73-624AFA99AAA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"F32CA554-F9D7-425B-8F1C-89678507F28C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","matchCriteriaId":"B09ACF2D-D83F-4A86-8185-9569605D8EE1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","matchCriteriaId":"AC10D919-57FD-4725-B8D2-39ECB476902F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*","matchCriteriaId":"1272DF03-7674-4BD4-8E64-94004B195448"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:7545","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7579","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7580","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7581","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7616","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7656","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7666","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7667","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7694","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7695","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7714","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7770","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7772","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7784","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2023:7785","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2023:7883","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2023:7884","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2023:7885","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0304","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0332","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0337","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5868","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247168","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/","source":"secalert@redhat.com","tags":["Release Notes"]},{"url":"https://www.postgresql.org/support/security/CVE-2023-5868/","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7545","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7579","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7616","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7656","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7666","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7667","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7694","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7714","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7772","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2023:7784","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2023:7785","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2023:7883","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2023:7884","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2023:7885","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0304","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0332","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0337","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5868","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2247168","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20240119-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.postgresql.org/support/security/CVE-2023-5868/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-6377","sourceIdentifier":"secalert@redhat.com","published":"2023-12-13T07:15:30.030","lastModified":"2026-06-23T18:17:37.937","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved."},{"lang":"es","value":"Se encontró una falla en xorg-server. Consultar o cambiar las acciones de los botones XKB, como pasar de un panel táctil a un mouse, puede provocar lecturas y escrituras de memoria fuera de los límites. Esto puede permitir una escalada de privilegios local o una posible ejecución remota de código en los casos en que esté involucrado el reenvío X11."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:rhel_els:6"],"versions":[{"version":"0:1.1.0-25.el6_10.14","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:7::computenode","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:1.8.0-28.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:7::computenode","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:1.20.4-25.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.13.1-2.el8_9.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/a:redhat:enterprise_linux:8::crb"],"versions":[{"version":"0:1.20.11-22.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:21.1.3-15.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:8.6::appstream"],"versions":[{"version":"0:1.12.0-6.el8_6.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"0:1.12.0-15.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.13.1-3.el9_3.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:1.20.11-24.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:22.1.9-5.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream"],"versions":[{"version":"0:1.11.0-22.el9_0.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"0:1.12.0-14.el9_2.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2023-12-13T15:25:12.226920Z","id":"CVE-2023-6377","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"3C74F6FA-FA6C-4648-9079-91446E45EE47"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.10","matchCriteriaId":"E0DB0A6B-1314-4125-8D5B-6C4F9CF22711"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2.3","matchCriteriaId":"95CD5142-5D27-4DD3-B91C-518D4324DC15"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*","matchCriteriaId":"79A8316C-BA22-441E-92AF-415AFABCEB76"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:7886","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0009","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0010","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0014","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0015","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0016","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0017","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0018","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0020","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2170","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2996","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13998","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6377","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253291","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://lists.x.org/archives/xorg-announce/2023-December/003435.html","source":"secalert@redhat.com","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2023/12/13/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2023:7886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0006","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0009","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0010","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0014","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0015","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0016","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0017","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0018","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0020","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2170","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2996","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6377","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253291","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.x.org/archives/xorg-announce/2023-December/003435.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.gentoo.org/glsa/202401-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20240125-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2023/dsa-5576","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-6478","sourceIdentifier":"secalert@redhat.com","published":"2023-12-13T07:15:31.213","lastModified":"2026-06-23T18:17:38.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information."},{"lang":"es","value":"Se encontró una falla en xorg-server. Una solicitud especialmente manipulada a RRChangeProviderProperty o RRChangeOutputProperty puede desencadenar un desbordamiento de enteros que puede provocar la divulgación de información confidencial."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:rhel_els:6"],"versions":[{"version":"0:1.1.0-25.el6_10.13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation","cpe:/o:redhat:enterprise_linux:7::computenode"],"versions":[{"version":"0:1.8.0-28.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation","cpe:/o:redhat:enterprise_linux:7::computenode"],"versions":[{"version":"0:1.20.4-25.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.13.1-2.el8_9.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:8::crb","cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.20.11-22.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:21.1.3-15.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.2::appstream","cpe:/a:redhat:rhel_aus:8.2::appstream","cpe:/a:redhat:rhel_tus:8.2::appstream"],"versions":[{"version":"0:1.9.0-15.el8_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"0:1.11.0-8.el8_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:8.6::appstream"],"versions":[{"version":"0:1.12.0-6.el8_6.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"0:1.12.0-15.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.13.1-3.el9_3.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:1.20.11-24.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:22.1.9-5.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream"],"versions":[{"version":"0:1.11.0-22.el9_0.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"0:1.12.0-14.el9_2.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2023-12-19T16:14:12.255402Z","id":"CVE-2023-6478","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.10","matchCriteriaId":"E0DB0A6B-1314-4125-8D5B-6C4F9CF22711"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2.3","matchCriteriaId":"95CD5142-5D27-4DD3-B91C-518D4324DC15"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*","matchCriteriaId":"3C74F6FA-FA6C-4648-9079-91446E45EE47"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*","matchCriteriaId":"79A8316C-BA22-441E-92AF-415AFABCEB76"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:7886","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0009","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0010","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0014","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0015","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0016","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0017","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0018","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0020","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2170","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2996","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:12751","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6478","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253298","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://lists.x.org/archives/xorg-announce/2023-December/003435.html","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2023/12/13/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2023:7886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:0006","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0009","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0010","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0014","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0015","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0016","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0017","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0018","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0020","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2169","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2170","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2995","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2996","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6478","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253298","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.x.org/archives/xorg-announce/2023-December/003435.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202401-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20240125-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2023/dsa-5576","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-50918","sourceIdentifier":"cve@mitre.org","published":"2023-12-15T18:15:07.723","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs."},{"lang":"es","value":"app/Controller/AuditLogsController.php en MISP anterior a 2.4.182 maneja mal las ACL para los registros de auditoría."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.182","matchCriteriaId":"A87B2B91-8654-4478-9460-347E220EC0FF"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.181...v2.4.182","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.181...v2.4.182","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2023-6879","sourceIdentifier":"cve-coordination@google.com","published":"2023-12-27T23:15:07.530","lastModified":"2026-06-23T18:17:38.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc()."},{"lang":"es","value":"Aumentar la resolución de los fotogramas de vídeo, mientras se realiza una codificación multiproceso, puede provocar un desbordamiento del montón en av1_loop_restoration_dealloc()."}],"affected":[{"source":"cve-coordination@google.com","affectedData":[{"vendor":"libaom","product":"libaom","defaultStatus":"unaffected","repo":"https://aomedia.googlesource.com/aom/","versions":[{"version":"0","lessThan":"3.7.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-01-24T16:45:06.405286Z","id":"CVE-2023-6879","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aomedia:aomedia:*:*:*:*:*:*:*:*","versionEndExcluding":"3.7.1","matchCriteriaId":"C852A718-716E-4C5F-891D-1E290834F660"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","matchCriteriaId":"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1","source":"cve-coordination@google.com","tags":["Patch"]},{"url":"https://crbug.com/aomedia/3491","source":"cve-coordination@google.com","tags":["Exploit","Issue Tracking","Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","source":"cve-coordination@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","source":"cve-coordination@google.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://crbug.com/aomedia/3491","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-40547","sourceIdentifier":"secalert@redhat.com","published":"2024-01-25T16:15:07.717","lastModified":"2026-06-26T10:16:21.907","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."},{"lang":"es","value":"Se encontró una vulnerabilidad de ejecución remota de código en Shim. El soporte de arranque Shim confía en los valores controlados por el atacante al analizar una respuesta HTTP. Este fallo permite a un atacante manipular una solicitud HTTP maliciosa específica, lo que lleva a una escritura fuera de los límites completamente controlada primitiva y a un compromiso completo del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:15.8-3.el7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-signed","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:15.8-1.el7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:15.8-4.el8_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos","cpe:/o:redhat:rhel_e4s:8.2::baseos","cpe:/o:redhat:rhel_tus:8.2::baseos"],"versions":[{"version":"0:15.8-2.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos","cpe:/o:redhat:rhel_e4s:8.2::baseos","cpe:/o:redhat:rhel_tus:8.2::baseos"],"versions":[{"version":"0:15.8-2.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos","cpe:/o:redhat:rhel_e4s:8.2::baseos","cpe:/o:redhat:rhel_tus:8.2::baseos"],"versions":[{"version":"0:15.8-2.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:15.8-2.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:15.8-2.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:15.8-2.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_eus:8.6::baseos"],"versions":[{"version":"0:15.8-2.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/a:redhat:rhel_eus:8.8::crb","cpe:/o:redhat:rhel_eus:8.8::baseos"],"versions":[{"version":"0:15.8-2.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-unsigned-x64","cpes":["cpe:/a:redhat:rhel_eus:8.8::crb","cpe:/o:redhat:rhel_eus:8.8::baseos"],"versions":[{"version":"0:15.8-2.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:15.8-4.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream","cpe:/a:redhat:rhel_eus:9.0::crb","cpe:/o:redhat:rhel_eus:9.0::baseos"],"versions":[{"version":"0:15.8-3.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-unsigned-aarch64","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream","cpe:/a:redhat:rhel_eus:9.0::crb","cpe:/o:redhat:rhel_eus:9.0::baseos"],"versions":[{"version":"0:15.8-2.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-unsigned-x64","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream","cpe:/a:redhat:rhel_eus:9.0::crb","cpe:/o:redhat:rhel_eus:9.0::baseos"],"versions":[{"version":"0:15.8-2.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_eus:9.2::baseos"],"versions":[{"version":"0:15.8-3.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-02-13T05:00:44.907619Z","id":"CVE-2023-40547","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*","versionEndExcluding":"15.8","matchCriteriaId":"01639865-3664-4034-BCFB-F4E09AF37F28"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:1834","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1835","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1873","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1876","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1883","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1902","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1903","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1959","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2086","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-40547","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234589","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/01/26/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1834","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1835","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1873","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1876","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1883","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1902","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1903","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1959","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-40547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234589","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-40548","sourceIdentifier":"secalert@redhat.com","published":"2024-01-29T15:15:08.893","lastModified":"2026-06-26T10:16:22.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase."},{"lang":"es","value":"Se encontró un desbordamiento de búfer en Shim en el sistema de 32 bits. El desbordamiento ocurre debido a una operación de suma que involucra un valor controlado por el usuario analizado del binario PE que utiliza Shim. Este valor se utiliza además para operaciones de asignación de memoria, lo que provoca un desbordamiento de búfer en la región Heap de la memoria. Esta falla causa daños en la memoria y puede provocar fallas o problemas de integridad de los datos durante la fase de inicio."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:15.8-3.el7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-signed","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:15.8-1.el7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:15.8-4.el8_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos","cpe:/o:redhat:rhel_e4s:8.2::baseos","cpe:/o:redhat:rhel_tus:8.2::baseos"],"versions":[{"version":"0:15.8-2.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos","cpe:/o:redhat:rhel_e4s:8.2::baseos","cpe:/o:redhat:rhel_tus:8.2::baseos"],"versions":[{"version":"0:15.8-2.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.2::baseos","cpe:/o:redhat:rhel_e4s:8.2::baseos","cpe:/o:redhat:rhel_tus:8.2::baseos"],"versions":[{"version":"0:15.8-2.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:15.8-2.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:15.8-2.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:15.8-2.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_eus:8.6::baseos"],"versions":[{"version":"0:15.8-2.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/a:redhat:rhel_eus:8.8::crb","cpe:/o:redhat:rhel_eus:8.8::baseos"],"versions":[{"version":"0:15.8-2.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-unsigned-x64","cpes":["cpe:/a:redhat:rhel_eus:8.8::crb","cpe:/o:redhat:rhel_eus:8.8::baseos"],"versions":[{"version":"0:15.8-2.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:15.8-4.el9_3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream","cpe:/a:redhat:rhel_eus:9.0::crb","cpe:/o:redhat:rhel_eus:9.0::baseos"],"versions":[{"version":"0:15.8-3.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-unsigned-aarch64","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream","cpe:/a:redhat:rhel_eus:9.0::crb","cpe:/o:redhat:rhel_eus:9.0::baseos"],"versions":[{"version":"0:15.8-2.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim-unsigned-x64","cpes":["cpe:/a:redhat:rhel_eus:9.0::appstream","cpe:/a:redhat:rhel_eus:9.0::crb","cpe:/o:redhat:rhel_eus:9.0::baseos"],"versions":[{"version":"0:15.8-2.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"shim","cpes":["cpe:/o:redhat:rhel_eus:9.2::baseos"],"versions":[{"version":"0:15.8-3.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-08T18:45:11.115130Z","id":"CVE-2023-40548","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*","versionEndExcluding":"15.8","matchCriteriaId":"01639865-3664-4034-BCFB-F4E09AF37F28"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*","matchCriteriaId":"BF11AEF9-B742-46DC-94D2-6160B93767BD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","matchCriteriaId":"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:1834","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1835","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1873","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1876","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1883","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1902","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1903","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1959","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:2086","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-40548","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241782","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2024:1834","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1835","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1873","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1876","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1883","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1902","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1903","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1959","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:2086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-40548","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-25674","sourceIdentifier":"cve@mitre.org","published":"2024-02-09T09:15:08.597","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type."},{"lang":"es","value":"Se descubrió un problema en MISP antes de la versión 2.4.184. La carga del logotipo de la organización no es segura debido a la falta de comprobaciones de la extensión del archivo y el tipo MIME."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unknown","cpes":["cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"2.4.184","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-26T19:06:03.642796Z","id":"CVE-2024-25674","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.184","matchCriteriaId":"9AAFB185-BFCF-4D1A-86D5-E812E225141E"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/312d2d5422235235ddd211dcb6bb5bb09c07791f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://github.com/MISP/MISP/commit/312d2d5422235235ddd211dcb6bb5bb09c07791f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2024-25675","sourceIdentifier":"cve@mitre.org","published":"2024-02-09T09:15:08.653","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp."},{"lang":"es","value":"Se descubrió un problema en MISP antes de la versión 2.4.184. Un cliente no necesita utilizar POST para iniciar un proceso de generación de exportaciones. Esto está relacionado con app/Controller/JobsController.php y app/View/Events/export.ctp."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-07T19:46:45.705915Z","id":"CVE-2024-25675","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-749"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.184","matchCriteriaId":"9AAFB185-BFCF-4D1A-86D5-E812E225141E"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2024-29858","sourceIdentifier":"cve@mitre.org","published":"2024-03-21T04:15:09.420","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload."},{"lang":"es","value":"En MISP anterior a 2.4.187, __uploadLogo en app/Controller/OrganisationsController.php no verifica correctamente si hay una carga de logotipo válida."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unknown","cpes":["cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"2.4.187","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-05T18:29:53.064336Z","id":"CVE-2024-29858","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-616"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.187","matchCriteriaId":"3E4C56FE-502A-4F06-9DA3-637C0929A1A1"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2024-29859","sourceIdentifier":"cve@mitre.org","published":"2024-03-21T04:15:09.463","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload."},{"lang":"es","value":"En MISP anterior a 2.4.187, add_misp_export en app/Controller/EventsController.php no verifica correctamente si hay una carga de archivo válida."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unknown","cpes":["cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"2.4.187","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-05T16:46:48.529609Z","id":"CVE-2024-29859","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.187","matchCriteriaId":"3E4C56FE-502A-4F06-9DA3-637C0929A1A1"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/238010bfd004680757b324cba0c6344f77a25399","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/238010bfd004680757b324cba0c6344f77a25399","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2023-6484","sourceIdentifier":"secalert@redhat.com","published":"2024-04-25T16:15:09.743","lastModified":"2026-06-26T08:16:20.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity."},{"lang":"es","value":"Se encontró una falla de inyección de registros en Keycloak. Se puede inyectar una cadena de texto a través del formulario de autenticación cuando se utiliza el modo de autenticación WebAuthn. Este problema puede tener un impacto menor en la integridad de los registros."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://www.keycloak.org/","packageName":"keycloak","versions":[{"version":"0","lessThan":"22.0.9","versionType":"semver","status":"affected"},{"version":"23.0.0","lessThan":"23.0.5","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:22::el9"],"versions":[{"version":"22.0.10-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:22::el9"],"versions":[{"version":"22-13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:22::el9"],"versions":[{"version":"22-16","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 22.0.10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:22"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"],"versions":[{"version":"0:18.0.12-1.redhat_00001.1.el7sso","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"],"versions":[{"version":"0:18.0.13-1.redhat_00001.1.el7sso","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"],"versions":[{"version":"0:18.0.12-1.redhat_00001.1.el8sso","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"],"versions":[{"version":"0:18.0.13-1.redhat_00001.1.el8sso","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"],"versions":[{"version":"0:18.0.12-1.redhat_00001.1.el9sso","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"],"versions":[{"version":"0:18.0.13-1.redhat_00001.1.el9sso","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rh-sso-7/sso76-openshift-rhel8","cpes":["cpe:/a:redhat:rhosemc:1.0::el8"],"versions":[{"version":"7.6-41","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rh-sso-7/sso76-openshift-rhel8","cpes":["cpe:/a:redhat:rhosemc:1.0::el8"],"versions":[{"version":"7.6-46","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rh-sso-7/sso7-rhel8-init-container","cpes":["cpe:/a:redhat:rhosemc:1.0::el8"],"versions":[{"version":"7.6-16","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rh-sso-7/sso7-rhel8-operator","cpes":["cpe:/a:redhat:rhosemc:1.0::el8"],"versions":[{"version":"7.6-18","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rh-sso-7/sso7-rhel8-operator-bundle","cpes":["cpe:/a:redhat:rhosemc:1.0::el8"],"versions":[{"version":"7.6.8-2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHSSO 7.6.8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-rhel9-operator-bundle-container","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-12T14:33:06.444846Z","id":"CVE-2023-6484","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-117"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:0798","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0799","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0800","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0801","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0804","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1860","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1861","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1862","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1864","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1865","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1866","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1867","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:1868","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6484","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423","source":"secalert@redhat.com"},{"url":"https://github.com/advisories/GHSA-j628-q885-8gr5","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:0798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0799","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0800","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0801","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:0804","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1860","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1861","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1862","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1864","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1865","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1866","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1867","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:1868","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-6484","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2248423","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-4029","sourceIdentifier":"secalert@redhat.com","published":"2024-05-02T15:15:07.227","lastModified":"2026-06-26T04:17:29.280","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections."},{"lang":"es","value":"Se encontró una vulnerabilidad en la interfaz de administración de Wildfly. Debido a la falta de limitación de sockets para la interfaz de administración, es posible que se produzca una denegación de servicio que alcance el límite de nofile ya que no hay posibilidad de configurar o establecer un número máximo de conexiones."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"collectionURL":"https://github.com/wildfly/wildfly","packageName":"wildfly","versions":[{"version":"0","lessThan":"24.0.1.Final","versionType":"semver","status":"affected"},{"version":"25.0.0.Final","lessThan":"*","versionType":"semver","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:3.3.24-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:6.0.23-2.SP1_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-insights-java-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-ironjacamar","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.5.18-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-cert-helper","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-ejb-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:4.0.55-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-server-migration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.10.0-39.Final_redhat_00039.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:5.4.12-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jsoup","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.15.4-1.redhat_00003.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow-jastow","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:2.0.15-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:7.4.19-1.GA_redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-xalan-j2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:2.7.1-37.redhat_00015.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:3.3.24-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:6.0.23-2.SP1_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-insights-java-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-ironjacamar","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.5.18-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-cert-helper","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-ejb-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:4.0.55-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-server-migration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.10.0-39.Final_redhat_00039.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:5.4.12-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jsoup","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.15.4-1.redhat_00003.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow-jastow","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:2.0.15-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:7.4.19-1.GA_redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-xalan-j2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:2.7.1-37.redhat_00015.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:3.3.24-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:6.0.23-2.SP1_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-insights-java-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-ironjacamar","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.5.18-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-cert-helper","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-ejb-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:4.0.55-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-server-migration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.10.0-39.Final_redhat_00039.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:5.4.12-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jsoup","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.15.4-1.redhat_00003.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow-jastow","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:2.0.15-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:7.4.19-1.GA_redhat_00002.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-xalan-j2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:2.7.1-37.redhat_00015.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.33.0-1.redhat_00015.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis-native","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"1:2.0.0-2.redhat_00005.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-aesh-extensions","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:1.8.0-2.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-aesh-readline","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.2.0-2.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-codec","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:1.16.1-2.redhat_00007.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-collections","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.2.2-28.redhat_2.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-io","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.15.1-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-lang","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.14.0-2.redhat_00006.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:4.0.5-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-artemis-native","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"1:2.0.0-2.redhat_00005.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-artemis-wildfly-integration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.0.1-1.redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-asyncutil","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:0.1.0-2.redhat_00010.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-aws-java-sdk","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:1.12.284-2.redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-cryptacular","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:1.2.5-2.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-eap-product-conf-parent","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:800.4.0-1.GA_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-fastinfoset","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.1.0-4.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:6.2.31-1.Final_redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:8.0.1-3.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hppc","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:0.8.1-2.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-insights-java-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jakarta-servlet-jsp-jstl-api","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.0.1-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-cert-helper","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-logging","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.5.3-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jctools","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:4.0.2-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jgroups","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:5.3.10-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-log4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.22.1-1.redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-narayana","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:6.0.3-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-nimbus-jose-jwt","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:9.37.3-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-objectweb-asm","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:9.6.0-1.redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-pem-keystore","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.3.0-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-resteasy-extensions","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.0.1-3.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-resteasy-spring","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.0.1-2.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-saaj-impl","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.0.4-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-shibboleth-java-support","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:8.0.0-6.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-slf4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.0.16-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-snakeyaml","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.2.0-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:8.0.4-2.GA_redhat_00005.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.33.0-1.redhat_00015.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis-native","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"1:2.0.0-2.redhat_00005.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-aesh-extensions","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:1.8.0-2.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-aesh-readline","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.2.0-2.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-codec","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:1.16.1-2.redhat_00007.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-collections","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.2.2-28.redhat_2.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-io","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.15.1-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-lang","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.14.0-2.redhat_00006.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:4.0.5-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-artemis-native","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"1:2.0.0-2.redhat_00005.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-artemis-wildfly-integration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.0.1-1.redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-asyncutil","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:0.1.0-2.redhat_00010.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-aws-java-sdk","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:1.12.284-2.redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-cryptacular","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:1.2.5-2.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-eap-product-conf-parent","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:800.4.0-1.GA_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-fastinfoset","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.1.0-4.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:6.2.31-1.Final_redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:8.0.1-3.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hppc","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:0.8.1-2.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-insights-java-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jakarta-servlet-jsp-jstl-api","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.0.1-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-cert-helper","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:1.1.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-logging","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.5.3-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jctools","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:4.0.2-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jgroups","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:5.3.10-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-log4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.22.1-1.redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-narayana","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:6.0.3-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-nimbus-jose-jwt","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:9.37.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-objectweb-asm","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:9.6.0-1.redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-pem-keystore","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.3.0-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-resteasy-extensions","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.0.1-3.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-resteasy-spring","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.0.1-2.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-saaj-impl","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.0.4-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-shibboleth-java-support","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:8.0.0-6.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-slf4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.0.16-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-snakeyaml","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.2.0-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:8.0.4-2.GA_redhat_00005.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Data Grid 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:jboss_data_grid:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-domain-http","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-14T19:17:30.528404Z","id":"CVE-2024-4029","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:8075","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8076","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8077","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8080","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8823","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8824","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8826","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-4029","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278615","source":"secalert@redhat.com"},{"url":"https://github.com/advisories/GHSA-x7g6-rwhc-g7mj","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly/wildfly/pull/17914","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly/wildfly/pull/17935","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-4029","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278615","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-2199","sourceIdentifier":"secalert@redhat.com","published":"2024-05-28T12:15:08.950","lastModified":"2026-06-26T05:16:26.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input."},{"lang":"es","value":"Se encontró una vulnerabilidad de denegación de servicio en el servidor ldap 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una falla del servidor al modificar \"userPassword\" utilizando una entrada con formato incorrecto."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/389ds/389-ds-base","packageName":"389-ds-base","versions":[{"version":"0","lessThan":"3.1.1","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Directory Server 11.5 E4S for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-ds:11","cpes":["cpe:/a:redhat:directory_server_e4s:11.5::el8"],"versions":[{"version":"8060020250210084424.0ca98e7e","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Directory Server 11.8 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-ds:11","cpes":["cpe:/a:redhat:directory_server:11.8::el8"],"versions":[{"version":"8090020240606122459.91529cd0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Directory Server 11.9 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-ds:11","cpes":["cpe:/a:redhat:directory_server:11.9::el8"],"versions":[{"version":"8100020240604161237.37ed7c03","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Directory Server 12.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-ds:12","cpes":["cpe:/a:redhat:directory_server:12.4::el9"],"versions":[{"version":"9040020240604143706.1674d574","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"389-ds-base","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::computenode","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:1.3.11.1-5.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"389-ds:1.4","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"8100020240613122040.25e700aa","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"389-ds:1.4","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"8080020240807050952.6dbb3803","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"389-ds-base","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:2.4.5-8.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"389-ds-base","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"0:2.2.4-9.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"389-ds-base","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-05-28T15:52:25.507062Z","id":"CVE-2024-2199","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:3591","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:3837","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4092","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4209","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4210","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4235","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4633","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:5690","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:1632","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-2199","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267976","source":"secalert@redhat.com"},{"url":"https://www.port389.org/docs/389ds/releases/release-3-1-1.html","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:3591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:3837","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4092","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4209","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4210","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4235","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4633","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2024-2199","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267976","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-4727","sourceIdentifier":"secalert@redhat.com","published":"2024-06-11T20:15:09.733","lastModified":"2026-06-26T10:16:22.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege."},{"lang":"es","value":"Se encontró una falla en dogtag-pki y pki-core. El esquema de autenticación de token se puede omitir con una inyección LDAP. Al pasar el parámetro de cadena de consulta sessionID=*, un atacante puede autenticarse con una sesión existente guardada en el servidor de directorio LDAP, lo que puede conducir a una escalada de privilegios."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://www.keycloak.org/","packageName":"keycloak","versions":[{"version":"0","lessThan":"11.5.1","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Certificate System 10.4 EUS for RHEL-8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-pki:10","cpes":["cpe:/a:redhat:certificate_system_eus:10.4::el8"],"versions":[{"version":"8060020240529205458.07fb4edf","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core","cpes":["cpe:/o:redhat:enterprise_linux:7::client","cpe:/o:redhat:enterprise_linux:7::computenode","cpe:/o:redhat:enterprise_linux:7::server","cpe:/o:redhat:enterprise_linux:7::workstation"],"versions":[{"version":"0:10.5.18-32.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"8100020240614102443.82f485b7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020240329193548.17df0a3f","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020240329193548.17df0a3f","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"8040020240329193548.17df0a3f","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"8060020240329182634.60523a7b","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"8060020240329182634.60523a7b","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"8060020240329182634.60523a7b","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"8080020240329143735.693a3987","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:11.5.0-2.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"versions":[{"version":"0:11.0.6-3.el9_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"0:11.3.0-2.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-11T20:43:47.420318Z","id":"CVE-2023-4727","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:4051","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4070","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4164","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4165","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4179","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4222","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4367","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4403","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4413","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-4727","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2232218","source":"secalert@redhat.com"},{"url":"https://github.com/advisories/GHSA-rvm7-rc5g-c98q","source":"secalert@redhat.com"},{"url":"https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720","source":"secalert@redhat.com"},{"url":"https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:4051","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4070","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4164","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4165","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4179","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4222","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4367","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4403","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2024:4413","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2023-4727","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2232218","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2023-39328","sourceIdentifier":"secalert@redhat.com","published":"2024-07-09T14:15:03.400","lastModified":"2026-06-26T10:16:20.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file."},{"lang":"es","value":"Se encontró una vulnerabilidad en OpenJPEG similar a CVE-2019-6988. Esta falla permite a un atacante omitir las protecciones existentes y provocar el bloqueo de una aplicación a través de un archivo manipulado con fines malintencionados."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"collectionURL":"https://www.openjpeg.org/","packageName":"openjpeg","versions":[{"version":"2.5.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openjpeg","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openjpeg","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openjpeg2","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:flatpak/openjpeg2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"inkscape:flatpak/openjpeg2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libreoffice:flatpak/openjpeg2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openjpeg2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openjpeg2","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-07-09T14:08:00.356050Z","id":"CVE-2023-39328","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclouvain:openjpeg:-:*:*:*:*:*:*:*","matchCriteriaId":"EFF759A5-7791-420C-AFB2-531FC701FBA6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclouvain:openjpeg:2.0:*:*:*:*:*:*:*","matchCriteriaId":"9E345E63-1F5B-4257-A5EC-53360BA2AFEA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclouvain:openjpeg:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"EFBCAD00-BE25-4E60-8FD4-85C3DD6898B7"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2023-39328","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219236","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/uclouvain/openjpeg/issues/1476","source":"secalert@redhat.com"},{"url":"https://github.com/uclouvain/openjpeg/pull/1470","source":"secalert@redhat.com"},{"url":"https://github.com/uclouvain/openjpeg/pull/1471","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2023-39328","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219236","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2024-45509","sourceIdentifier":"cve@mitre.org","published":"2024-09-01T22:15:14.053","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin."},{"lang":"es","value":"En MISP hasta 2.4.196, app/Controller/BookmarksController.php no restringe adecuadamente el acceso a los datos de marcadores en el caso en que el usuario no sea un administrador de la organización."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unknown","cpes":["cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"2.4.196","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-03T15:02:19.107152Z","id":"CVE-2024-45509","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.197","matchCriteriaId":"3DC99B09-4166-4003-9122-44B56DD5C163"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/3f3b9a574f349182a545636e12efa39267e9db04","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2024-46918","sourceIdentifier":"cve@mitre.org","published":"2024-09-15T20:15:02.390","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org."},{"lang":"es","value":"app/Controller/UserLoginProfilesController.php en MISP anterior a 2.4.198 no impide que un administrador de organización vea campos de inicio de sesión confidenciales de otro administrador de organización en la misma organización."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unknown","cpes":["cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"2.4.198","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-17T15:19:05.563459Z","id":"CVE-2024-46918","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.198","matchCriteriaId":"17D0DB99-1CAB-44D9-B5CB-213C6858C6AD"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2024-9050","sourceIdentifier":"secalert@redhat.com","published":"2024-10-22T13:15:02.410","lastModified":"2026-06-26T00:16:44.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration."},{"lang":"es","value":"Se encontró una falla en el complemento de cliente de libreswan para NetworkManager (NetkworkManager-libreswan), donde no puede desinfectar correctamente la configuración de VPN del usuario local sin privilegios. En esta configuración, compuesta por un formato clave-valor, el complemento no puede escapar caracteres especiales, lo que lleva a la aplicación a interpretar los valores como claves. Uno de los parámetros más críticos que un usuario malintencionado podría abusar es la clave `leftupdown`. Esta clave toma un comando ejecutable como valor y se utiliza para especificar lo que se ejecuta como una devolución de llamada en NetworkManager-libreswan para recuperar los ajustes de configuración de nuevo a NetworkManager. Como NetworkManager utiliza Polkit para permitir que un usuario sin privilegios controle la configuración de red del sistema, un actor malintencionado podría lograr una escalada de privilegios local y una posible ejecución de código como root en la máquina de destino."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.gnome.org/GNOME/NetworkManager-libreswan/","packageName":"NetworkManager-libreswan","versions":[{"version":"0","lessThan":"1.2.24","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7.7 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/o:redhat:rhel_aus:7.7::server"],"versions":[{"version":"0:1.2.4-4.el7_7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:1.2.4-4.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.2.10-7.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream"],"versions":[{"version":"0:1.2.10-6.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"0:1.2.10-6.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"0:1.2.10-6.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::appstream"],"versions":[{"version":"0:1.2.10-6.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"0:1.2.10-6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"0:1.2.10-6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"],"versions":[{"version":"0:1.2.10-6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream"],"versions":[{"version":"0:1.2.10-6.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.2.22-4.el9_5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"versions":[{"version":"0:1.2.14-3.el9_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream"],"versions":[{"version":"0:1.2.14-6.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"versions":[{"version":"0:1.2.18-6.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"NetworkManager-libreswan","cpes":["cpe:/o:redhat:enterprise_linux:10"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-22T13:03:43.771304Z","id":"CVE-2024-9050","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:8312","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8338","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8352","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8353","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8354","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8355","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8356","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8357","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:8358","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:9555","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:9556","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-9050","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2313828","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/NetworkManager-libreswan/-/commit/dcf8acfb25bd31e4b8cbd20c229da660238b5c1b","source":"secalert@redhat.com"},{"url":"https://www.openwall.com/lists/oss-security/2024/10/25/1","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2024/10/25/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-49393","sourceIdentifier":"secalert@redhat.com","published":"2024-11-12T02:15:18.443","lastModified":"2026-06-26T02:16:50.577","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality."},{"lang":"es","value":"En neomutt y mutt, los encabezados de correo electrónico Para y Cc no están validados por la firma criptográfica, lo que permite a un atacante que intercepta un mensaje cambiar su valor e incluirse como uno de los destinatarios para comprometer la confidencialidad del mensaje."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"affected","collectionURL":"https://gitlab.com/muttmua/mutt","packageName":"mutt"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-12T14:25:28.066562Z","id":"CVE-2024-49393","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mutt:mutt:-:*:*:*:*:*:*:*","matchCriteriaId":"37CCB5EA-B0AB-4082-BCFC-A437D0DCF57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:neomutt:neomutt:-:*:*:*:*:*:*:*","matchCriteriaId":"6F74FCE2-5FC0-4FA7-9B71-DFA849AF5545"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","matchCriteriaId":"053C1B35-3869-41C2-9551-044182DE0A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-49393","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325317","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/neomutt/neomutt/issues/4223","source":"secalert@redhat.com"},{"url":"https://github.com/neomutt/neomutt/pull/4221","source":"secalert@redhat.com"},{"url":"https://github.com/neomutt/neomutt/pull/4227","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-49394","sourceIdentifier":"secalert@redhat.com","published":"2024-11-12T03:15:03.677","lastModified":"2026-06-26T02:16:50.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender."},{"lang":"es","value":"En mutt y neomutt, el campo de encabezado de correo electrónico In-Reply-To no está protegido por firma criptográfica, lo que permite a un atacante reutilizar un mensaje de correo electrónico no cifrado pero firmado para hacerse pasar por el remitente original."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"affected","collectionURL":"https://gitlab.com/muttmua/mutt","packageName":"mutt"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-12T14:24:55.879023Z","id":"CVE-2024-49394","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mutt:mutt:-:*:*:*:*:*:*:*","matchCriteriaId":"37CCB5EA-B0AB-4082-BCFC-A437D0DCF57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:neomutt:neomutt:-:*:*:*:*:*:*:*","matchCriteriaId":"6F74FCE2-5FC0-4FA7-9B71-DFA849AF5545"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-49394","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325330","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/neomutt/neomutt/issues/4226","source":"secalert@redhat.com"},{"url":"https://github.com/neomutt/neomutt/pull/4221","source":"secalert@redhat.com"},{"url":"https://github.com/neomutt/neomutt/pull/4227","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-49395","sourceIdentifier":"secalert@redhat.com","published":"2024-11-12T03:15:03.910","lastModified":"2026-06-26T02:16:50.827","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info."},{"lang":"es","value":"En mutt y neomutt, el cifrado PGP no utiliza el modo --hidden-recipient que puede filtrar el campo de encabezado de correo electrónico CCO al inferir la información de los destinatarios."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"affected","collectionURL":"https://gitlab.com/muttmua/mutt","packageName":"mutt"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mutt","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-12T14:24:06.690435Z","id":"CVE-2024-49395","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1230"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mutt:mutt:-:*:*:*:*:*:*:*","matchCriteriaId":"37CCB5EA-B0AB-4082-BCFC-A437D0DCF57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:neomutt:neomutt:-:*:*:*:*:*:*:*","matchCriteriaId":"6F74FCE2-5FC0-4FA7-9B71-DFA849AF5545"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-49395","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325332","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/neomutt/neomutt/issues/4223#issuecomment-2040209956","source":"secalert@redhat.com"},{"url":"https://github.com/neomutt/neomutt/pull/4221","source":"secalert@redhat.com"},{"url":"https://github.com/neomutt/neomutt/pull/4227","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-11217","sourceIdentifier":"secalert@redhat.com","published":"2024-11-15T21:15:06.543","lastModified":"2026-06-26T05:16:25.357","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options."},{"lang":"es","value":"Se encontró una vulnerabilidad en el servidor OAuth. El servidor OAuth registra el secreto del cliente OAuth2 cuando el nivel de registro es mayor que el de Depuración para las opciones de inicio de sesión de los IDP de OIDC/GitHub/GitLab/Google."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/openshift/oauth-server","packageName":"oauth-server-container","versions":[{"version":"4.12.*","lessThan":"*","versionType":"semver","status":"affected"},{"version":"4.13.*","lessThan":"*","versionType":"semver","status":"affected"},{"version":"4.14.*","lessThan":"*","versionType":"semver","status":"affected"},{"version":"4.15.*","lessThan":"*","versionType":"semver","status":"affected"},{"version":"4.16.*","lessThan":"*","versionType":"semver","status":"affected"},{"version":"4.17.*","lessThan":"*","versionType":"semver","status":"affected"},{"version":"4.18.*","lessThan":"*","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-oauth-server-rhel9","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-15T21:09:10.428897Z","id":"CVE-2024-11217","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1295"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-11217","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2326230","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-52336","sourceIdentifier":"secalert@redhat.com","published":"2024-11-26T16:15:17.093","lastModified":"2026-06-26T02:16:50.940","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation."},{"lang":"es","value":"Se identificó una vulnerabilidad de inyección de scripts en el paquete Tuned. La función `instance_create()` de D-Bus puede ser invocada por usuarios que hayan iniciado sesión localmente sin autenticación. Esta falla permite que un usuario local sin privilegios ejecute una llamada de D-Bus con opciones `script_pre` o `script_post` que permiten pasar scripts arbitrarios con sus rutas absolutas. Estos scripts o programas ejecutables controlados por el usuario o el atacante podrían ser ejecutados por Tuned con privilegios de superusuario, lo que podría permitir a los atacantes una escalada de privilegios local."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/redhat-performance/tuned","packageName":"tuned","versions":[{"version":"2.23.0","lessThan":"2.24.1","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Fast Datapath for Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:8::fastdatapath"],"versions":[{"version":"0:2.24.0-2.1.20240819gitc082797f.el8fdp","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Fast Datapath for Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:9::fastdatapath"],"versions":[{"version":"0:2.24.0-2.1.20240819gitc082797f.el9fdp","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::sap","cpe:/a:redhat:enterprise_linux:9::sap_hana","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.24.0-2.el9_5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::sap","cpe:/a:redhat:enterprise_linux:9::sap_hana","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.24.0-2.el9_5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Fast Datapath for RHEL 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-26T16:22:02.290977Z","id":"CVE-2024-52336","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:10384","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0879","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0880","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-52336","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2324540","source":"secalert@redhat.com"},{"url":"https://github.com/redhat-performance/tuned/releases/tag/v2.24.1","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"secalert@redhat.com"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/1","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-52337","sourceIdentifier":"secalert@redhat.com","published":"2024-11-26T16:15:17.717","lastModified":"2026-06-26T02:16:51.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations."},{"lang":"es","value":"Se encontró una falla de suplantación de registros en el paquete Tuned debido a una desinfección incorrecta de algunos argumentos de la API. Esta falla permite a un atacante pasar una secuencia controlada de caracteres; se pueden insertar nuevas líneas en el registro. En lugar de la línea 'evil', el atacante podría imitar una línea de registro válida de TuneD y engañar al administrador. Las comillas '' se utilizan generalmente en los registros de TuneD que citan la entrada del usuario sin procesar, por lo que siempre habrá el carácter ' al final de la entrada suplantada, y el administrador puede pasarlo por alto fácilmente. Esta cadena registrada se utiliza más tarde en el registro y en la salida de utilidades, por ejemplo, `tuned-adm get_instances` u otros programas de terceros que utilizan la interfaz D-Bus de Tuned para tales operaciones."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/redhat-performance/tuned","packageName":"tuned","versions":[{"version":"2.23.0","lessThan":"2.24.1","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Fast Datapath for Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:7::fastdatapath"],"versions":[{"version":"0:2.11.0-5.el7fdp.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Fast Datapath for Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:8::fastdatapath"],"versions":[{"version":"0:2.24.0-2.1.20240819gitc082797f.el8fdp","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Fast Datapath for Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:9::fastdatapath"],"versions":[{"version":"0:2.24.0-2.1.20240819gitc082797f.el9fdp","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_extras_rt_els:7","cpe:/a:redhat:rhel_extras_sap_els:7","cpe:/a:redhat:rhel_extras_sap_hana_els:7","cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:2.11.0-13.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_extras_rt_els:7","cpe:/a:redhat:rhel_extras_sap_els:7","cpe:/a:redhat:rhel_extras_sap_hana_els:7","cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:2.11.0-13.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/a:redhat:enterprise_linux:8::nfv","cpe:/a:redhat:enterprise_linux:8::realtime","cpe:/a:redhat:enterprise_linux:8::sap","cpe:/a:redhat:enterprise_linux:8::sap_hana","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.22.1-5.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/a:redhat:enterprise_linux:8::nfv","cpe:/a:redhat:enterprise_linux:8::realtime","cpe:/a:redhat:enterprise_linux:8::sap","cpe:/a:redhat:enterprise_linux:8::sap_hana","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.22.1-5.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::sap","cpe:/a:redhat:rhel_e4s:8.4::sap_hana","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::nfv","cpe:/a:redhat:rhel_tus:8.4::realtime","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:2.20.0-1.el8_4.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::sap","cpe:/a:redhat:rhel_e4s:8.4::sap_hana","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::nfv","cpe:/a:redhat:rhel_tus:8.4::realtime","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:2.20.0-1.el8_4.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::appstream","cpe:/a:redhat:rhel_e4s:8.4::sap","cpe:/a:redhat:rhel_e4s:8.4::sap_hana","cpe:/a:redhat:rhel_tus:8.4::appstream","cpe:/a:redhat:rhel_tus:8.4::nfv","cpe:/a:redhat:rhel_tus:8.4::realtime","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_e4s:8.4::baseos","cpe:/o:redhat:rhel_tus:8.4::baseos"],"versions":[{"version":"0:2.20.0-1.el8_4.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::nfv","cpe:/a:redhat:rhel_e4s:8.6::sap","cpe:/a:redhat:rhel_e4s:8.6::sap_hana","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::nfv","cpe:/a:redhat:rhel_tus:8.6::realtime","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.20.0-1.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::nfv","cpe:/a:redhat:rhel_e4s:8.6::sap","cpe:/a:redhat:rhel_e4s:8.6::sap_hana","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::nfv","cpe:/a:redhat:rhel_tus:8.6::realtime","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.20.0-1.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::nfv","cpe:/a:redhat:rhel_e4s:8.6::sap","cpe:/a:redhat:rhel_e4s:8.6::sap_hana","cpe:/a:redhat:rhel_tus:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::nfv","cpe:/a:redhat:rhel_tus:8.6::realtime","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_e4s:8.6::baseos","cpe:/o:redhat:rhel_tus:8.6::baseos"],"versions":[{"version":"0:2.20.0-1.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_eus:8.8::appstream","cpe:/a:redhat:rhel_eus:8.8::nfv","cpe:/a:redhat:rhel_eus:8.8::realtime","cpe:/a:redhat:rhel_eus:8.8::sap","cpe:/a:redhat:rhel_eus:8.8::sap_hana","cpe:/o:redhat:rhel_eus:8.8::baseos"],"versions":[{"version":"0:2.20.0-2.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::sap","cpe:/a:redhat:enterprise_linux:9::sap_hana","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.24.0-2.el9_5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::nfv","cpe:/a:redhat:enterprise_linux:9::realtime","cpe:/a:redhat:enterprise_linux:9::sap","cpe:/a:redhat:enterprise_linux:9::sap_hana","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.24.0-2.el9_5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_eus:9.2::appstream","cpe:/a:redhat:rhel_eus:9.2::nfv","cpe:/a:redhat:rhel_eus:9.2::realtime","cpe:/a:redhat:rhel_eus:9.2::sap","cpe:/a:redhat:rhel_eus:9.2::sap_hana","cpe:/o:redhat:rhel_eus:9.2::baseos"],"versions":[{"version":"0:2.20.0-3.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/a:redhat:rhel_eus:9.4::nfv","cpe:/a:redhat:rhel_eus:9.4::realtime","cpe:/a:redhat:rhel_eus:9.4::sap","cpe:/a:redhat:rhel_eus:9.4::sap_hana","cpe:/o:redhat:rhel_eus:9.4::baseos"],"versions":[{"version":"0:2.22.1-3.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tuned","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-26T15:57:55.472014Z","id":"CVE-2024-52337","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:10381","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:10384","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:11161","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0195","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0327","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0368","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0879","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0880","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0881","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:1785","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:1802","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-52337","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2324541","source":"secalert@redhat.com"},{"url":"https://github.com/redhat-performance/tuned/releases/tag/v2.24.1","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"secalert@redhat.com"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/1","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-53866","sourceIdentifier":"security-advisories@github.com","published":"2024-12-10T18:15:42.160","lastModified":"2026-06-22T14:38:57.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data (including on first lockfile generation). This can make workspace A (even running with `ignore-scripts=true`) posion global cache and execute scripts in workspace B. Users generally expect `ignore-scripts` to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken. Global state integrity is lost via operations that one would expect to be secure, enabling subsequently running arbitrary code execution on installs. Version 9.15.0 fixes the issue. As a work-around, use separate cache and store dirs in each workspace."},{"lang":"es","value":"El administrador de paquetes pnpm anterior a la versión 9.15.0 parece manejar mal las anulaciones y la caché global: las anulaciones de un espacio de trabajo se filtran en los metadatos de npm guardados en la caché global; los metadatos de npm de la caché global afectan a otros espacios de trabajo; y las instalaciones por defecto no revalidan los datos (incluso en la primera generación del archivo de bloqueo). Esto puede hacer que el espacio de trabajo A (incluso ejecutándose con `ignore-scripts=true`) posea la caché global y ejecute scripts en el espacio de trabajo B. Los usuarios generalmente esperan que `ignore-scripts` sea suficiente para evitar la ejecución inmediata del código en la instalación (por ejemplo, cuando el árbol simplemente se vuelve a empaquetar/agrupar sin ejecutarlo). Aquí, esa expectativa se rompe. La integridad del estado global se pierde a través de operaciones que uno esperaría que fueran seguras, lo que permite ejecutar posteriormente la ejecución de código arbitrario en las instalaciones. La versión 9.15.0 corrige el problema. Como workaround, use directorios de caché y de almacenamiento separados en cada espacio de trabajo."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pnpm","product":"pnpm","versions":[{"version":"< 9.15.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-11T17:11:58.410402Z","id":"CVE-2024-53866","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionEndExcluding":"9.15.0","matchCriteriaId":"1BB4276C-A983-4F77-AEEB-AA440775BCC4"}]}]}],"references":[{"url":"https://github.com/pnpm/pnpm/commit/11afcddea48f25ed5117a87dc1780a55222b9743","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-vm32-9rqf-rh3r","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-12401","sourceIdentifier":"secalert@redhat.com","published":"2024-12-12T09:15:05.790","lastModified":"2026-06-26T05:16:25.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster."},{"lang":"es","value":" Se encontró una falla en el paquete cert-manager. Esta falla permite que un atacante que pueda modificar los datos PEM que lee el cert-manager, por ejemplo, en un recurso secreto, utilice grandes cantidades de CPU en el módulo controlador del cert-manager para crear efectivamente un vector de denegación de servicio (DoS) para el cert-manager en el clúster."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/cert-manager/cert-manager","packageName":"cert-manager","versions":[{"version":"0","lessThanOrEqual":"1.12.14","versionType":"semver","status":"affected"},{"version":"1.13.0-alpha.0","lessThanOrEqual":"1.15.4","versionType":"semver","status":"affected"},{"version":"1.16.0-alpha.0","lessThanOrEqual":"1.16.2","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cert-manager/jetstack-cert-manager-acmesolver-rhel9","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cert-manager/jetstack-cert-manager-rhel9","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cert-manager-operator-bundle-container","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cert-manager-operator-container","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"Cryostat 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cryostat-tech-preview/cryostat-rhel8-operator","cpes":["cpe:/a:redhat:cryostat:3"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/assisted-service-8-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/assisted-service-9-rhel9","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serving-activator-rhel8","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serving-autoscaler-hpa-rhel8","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serving-autoscaler-rhel8","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serving-controller-rhel8","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serving-queue-rhel8","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serving-storage-version-migration-rhel8","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serving-webhook-rhel8","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat Connectivity Link 1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhcl-operator-bundle-container","cpes":["cpe:/a:redhat:connectivity_link:1"]},{"vendor":"Red Hat","product":"Red Hat Connectivity Link 1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhcl-operator-container","cpes":["cpe:/a:redhat:connectivity_link:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-api-server-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-contour-rhel8","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/rook-ceph-rhel8-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/gitops-rhel8-operator","cpes":["cpe:/a:redhat:openshift_gitops:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-12T15:21:20.829376Z","id":"CVE-2024-12401","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-12401","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2327929","source":"secalert@redhat.com"},{"url":"https://github.com/cert-manager/cert-manager/pull/7400","source":"secalert@redhat.com"},{"url":"https://github.com/cert-manager/cert-manager/pull/7401","source":"secalert@redhat.com"},{"url":"https://github.com/cert-manager/cert-manager/pull/7402","source":"secalert@redhat.com"},{"url":"https://github.com/cert-manager/cert-manager/pull/7403","source":"secalert@redhat.com"},{"url":"https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4","source":"secalert@redhat.com"},{"url":"https://go.dev/issue/50116","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-56732","sourceIdentifier":"security-advisories@github.com","published":"2024-12-27T20:15:23.900","lastModified":"2026-06-25T15:32:53.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function."},{"lang":"es","value":"HarfBuzz es un motor de modelado de texto. Desde la versión 8.5.0 hasta la 10.0.1, hay un desbordamiento de búfer basado en el montón en la función hb_cairo_glyphs_from_buffer."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"harfbuzz","product":"harfbuzz","versions":[{"version":">= 8.5.0, <= 10.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-28T16:46:53.686962Z","id":"CVE-2024-56732","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:harfbuzz_project:harfbuzz:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndIncluding":"10.0.1","matchCriteriaId":"9A7365E9-2F50-4D9E-AD31-7F09EEAB75A2"}]}]}],"references":[{"url":"https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-45497","sourceIdentifier":"secalert@redhat.com","published":"2024-12-31T03:15:05.543","lastModified":"2026-06-26T02:16:50.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties."},{"lang":"es","value":"Se encontró una falla en el proceso de compilación de OpenShift, donde el contenedor docker-build está configurado con un montaje de volumen hostPath que asigna el archivo /var/lib/kubelet/config.json del nodo al pod de compilación. Este archivo contiene credenciales confidenciales necesarias para extraer imágenes de repositorios privados. El montaje no es de solo lectura, lo que permite al atacante sobrescribirlo. Al modificar el archivo config.json, el atacante puede provocar una denegación de servicio al evitar que el nodo extraiga nuevas imágenes y potencialmente exfiltre secretos confidenciales. Esta falla afecta la disponibilidad de los servicios que dependen de la extracción de imágenes y expone información confidencial a terceros no autorizados."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unknown","collectionURL":"https://github.com/openshift","packageName":"openshift","versions":[{"version":"4.16","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cluster-openshift-apiserver-operator","cpes":["cpe:/a:redhat:openshift:4.12::el8","cpe:/a:redhat:openshift:4.12::el9"],"versions":[{"version":"v4.12.0-202506062300.p0.gb870fc6.assembly.stream.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cluster-openshift-apiserver-operator","cpes":["cpe:/a:redhat:openshift:4.13::el8","cpe:/a:redhat:openshift:4.13::el9"],"versions":[{"version":"v4.13.0-202507061330.p0.g9abb220.assembly.stream.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cluster-openshift-apiserver-operator","cpes":["cpe:/a:redhat:openshift:4.14::el8","cpe:/a:redhat:openshift:4.14::el9"],"versions":[{"version":"v4.14.0-202506112307.p0.g700dc11.assembly.stream.el8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cluster-openshift-apiserver-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"versions":[{"version":"v4.16.0-202506062300.p0.gd26f300.assembly.stream.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cluster-openshift-apiserver-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"versions":[{"version":"v4.17.0-202507011904.p0.g2b2ba3b.assembly.stream.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cluster-openshift-apiserver-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"versions":[{"version":"v4.18.0-202506062012.p0.g0a6f6eb.assembly.stream.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-openshift-controller-manager-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"ose-openshift-controller-manager-container-v4.20.0-202509261327.p2.gd9e543d.assembly.stream.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"org.arquillian.cube/arquillian-cube-openshift-api","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-openshift-apiserver-rhel8","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-31T15:53:54.435304Z","id":"CVE-2024-45497","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:10270","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10294","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10747","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:9269","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:9562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:9759","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:9765","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-45497","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2308673","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-13484","sourceIdentifier":"secalert@redhat.com","published":"2025-01-28T18:15:32.537","lastModified":"2026-06-26T05:16:25.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied."},{"lang":"es","value":"Se encontró una falla en ArgoCD. La etiqueta openshift.io/cluster-monitoring se aplica a todos los espacios de nombres que implementan una instancia CR de ArgoCD, lo que permite que el espacio de nombres cree una PrometheusRule no autorizada. Este problema puede tener efectos adversos en la pila de monitoreo de la plataforma, ya que la regla se implementa en todo el clúster cuando se aplica la etiqueta."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/redhat-developer/gitops-operator","packageName":"gitops-operator","versions":[{"version":"0","lessThan":"1.13","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/argocd-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/argocd-rhel9","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/argo-rollouts-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/console-plugin-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/dex-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/gitops-operator-bundle","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/gitops-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/gitops-rhel8-operator","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/kam-delivery-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/must-gather-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.14::el8","cpe:/a:redhat:openshift_gitops:1.14::el9"],"versions":[{"version":"v1.14.4-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/argocd-extensions-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/argocd-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/argocd-rhel9","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/argo-rollouts-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/console-plugin-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/dex-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/gitops-operator-bundle","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/gitops-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/gitops-rhel8-operator","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/must-gather-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.15::el8","cpe:/a:redhat:openshift_gitops:1.15::el9"],"versions":[{"version":"v1.15.2-4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/gitops-rhel8-operator","cpes":["cpe:/a:redhat:openshift_gitops:1.16::el8"],"versions":[{"version":"1.16","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-28T18:25:37.752075Z","id":"CVE-2024-13484","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:7753","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:8274","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:9506","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-13484","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269376","source":"secalert@redhat.com"},{"url":"https://github.com/redhat-developer/gitops-operator/pull/853","source":"secalert@redhat.com"},{"url":"https://github.com/redhat-developer/gitops-operator/pull/867","source":"secalert@redhat.com"},{"url":"https://github.com/redhat-developer/gitops-operator/pull/868","source":"secalert@redhat.com"},{"url":"https://github.com/redhat-developer/gitops-operator/pull/869","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-57969","sourceIdentifier":"cve@mitre.org","published":"2025-02-14T07:15:32.340","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search."},{"lang":"es","value":"app/Model/Attribute.php en MISP anterior a 2.4.198 ignora una ACL durante una búsqueda de atributos de GUI."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MISP","product":"MISP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.4.198","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-02-14T15:42:09.804333Z","id":"CVE-2024-57969","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.198","matchCriteriaId":"17D0DB99-1CAB-44D9-B5CB-213C6858C6AD"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/4f27f83a775aba4d3cca9255f69c3c9998b7df7f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198","source":"cve@mitre.org","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2025-26984","sourceIdentifier":"audit@patchstack.com","published":"2025-03-03T14:15:57.217","lastModified":"2026-06-26T17:13:56.230","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Reflected XSS.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8."},{"lang":"es","value":"Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Cozy Vision SMS Alert Order Notifications – WooCommerce permite XSS reflejado. Este problema afecta a SMS Alert Order Notifications – WooCommerce: desde n/a hasta 3.7.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Cozy Vision","product":"SMS Alert Order Notifications","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sms-alert","versions":[{"version":"0","lessThanOrEqual":"3.7.8","versionType":"custom","status":"affected","changes":[{"at":"3.7.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-03T14:46:24.617379Z","id":"CVE-2025-26984","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cozyvision:sms_alert_order_notifications:*:*:*:*:free:wordpress:*:*","versionEndExcluding":"3.7.9","matchCriteriaId":"15A8780C-1BB4-44B3-B8CF-CB43E12860E1"}]}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-plugin-3-7-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-26988","sourceIdentifier":"audit@patchstack.com","published":"2025-03-03T14:15:57.370","lastModified":"2026-06-26T17:13:52.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.7.8."},{"lang":"es","value":"Vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Cozy Vision SMS Alert Order Notifications – WooCommerce permite la inyección SQL. Este problema afecta a SMS Alert Order Notifications – WooCommerce: desde n/a hasta 3.7.8."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Cozy Vision","product":"SMS Alert Order Notifications","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"sms-alert","versions":[{"version":"0","lessThanOrEqual":"3.7.8","versionType":"custom","status":"affected","changes":[{"at":"3.7.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-03T14:41:58.851070Z","id":"CVE-2025-26988","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cozyvision:sms_alert_order_notifications:*:*:*:*:free:wordpress:*:*","versionEndExcluding":"3.7.9","matchCriteriaId":"15A8780C-1BB4-44B3-B8CF-CB43E12860E1"}]}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-plugin-3-7-8-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-31176","sourceIdentifier":"secalert@redhat.com","published":"2025-03-27T15:16:03.073","lastModified":"2026-06-26T00:16:47.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash."},{"lang":"es","value":"Se encontró una falla en gnuplot. La función plot3d_points() puede generar un error de segmentación y provocar un bloqueo del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://sourceforge.net/projects/gnuplot/","packageName":"gnuplot","versions":[{"version":"0","lessThan":"6.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-27T18:10:11.297335Z","id":"CVE-2025-31176","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnuplot:gnuplot:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0","matchCriteriaId":"DD568251-8BE1-47F8-9126-1C988941DD73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-31176","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355343","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://sourceforge.net/p/gnuplot/bugs/2776/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-31178","sourceIdentifier":"secalert@redhat.com","published":"2025-03-27T15:16:03.230","lastModified":"2026-06-26T00:16:47.323","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash."},{"lang":"es","value":"Se encontró una falla en gnuplot. La función GetAnnotateString() puede generar un error de segmentación y provocar un bloqueo del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://sourceforge.net/projects/gnuplot/","packageName":"gnuplot","versions":[{"version":"0","lessThan":"6.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-27T15:22:08.976302Z","id":"CVE-2025-31178","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnuplot:gnuplot:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0","matchCriteriaId":"DD568251-8BE1-47F8-9126-1C988941DD73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-31178","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355341","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://sourceforge.net/p/gnuplot/bugs/2754/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-31179","sourceIdentifier":"secalert@redhat.com","published":"2025-03-27T15:16:03.390","lastModified":"2026-06-26T00:16:47.437","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash."},{"lang":"es","value":"Se encontró una falla en gnuplot. La función xstrftime() puede generar un error de segmentación, lo que provoca un bloqueo del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://sourceforge.net/projects/gnuplot/","packageName":"gnuplot","versions":[{"version":"0","lessThan":"6.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-27T15:21:19.028920Z","id":"CVE-2025-31179","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnuplot:gnuplot:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0","matchCriteriaId":"DD568251-8BE1-47F8-9126-1C988941DD73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-31179","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355340","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://sourceforge.net/p/gnuplot/bugs/2779/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-31180","sourceIdentifier":"secalert@redhat.com","published":"2025-03-27T15:16:03.540","lastModified":"2026-06-26T00:16:47.547","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash."},{"lang":"es","value":"Se encontró una falla en gnuplot. La función CANVAS_text() puede generar un error de segmentación y provocar un bloqueo del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://sourceforge.net/projects/gnuplot/","packageName":"gnuplot","versions":[{"version":"0","lessThan":"6.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-27T15:21:11.027287Z","id":"CVE-2025-31180","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnuplot:gnuplot:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0","matchCriteriaId":"DD568251-8BE1-47F8-9126-1C988941DD73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-31180","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355339","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://sourceforge.net/p/gnuplot/bugs/2755/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-31181","sourceIdentifier":"secalert@redhat.com","published":"2025-03-27T15:16:03.697","lastModified":"2026-06-26T04:17:39.340","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash."},{"lang":"es","value":"Se encontró una falla en gnuplot. La función X11_graphics() puede generar un error de segmentación y provocar un bloqueo del sistema."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://sourceforge.net/projects/gnuplot/","packageName":"gnuplot","versions":[{"version":"0","lessThan":"6.1","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-27T15:20:47.855264Z","id":"CVE-2025-31181","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnuplot:gnuplot:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0","matchCriteriaId":"DD568251-8BE1-47F8-9126-1C988941DD73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-31181","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355338","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://sourceforge.net/p/gnuplot/bugs/2753/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-6875","sourceIdentifier":"secalert@redhat.com","published":"2025-03-28T21:15:17.400","lastModified":"2026-06-26T02:16:51.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API."},{"lang":"es","value":"Se detectó una vulnerabilidad en el componente Infinispan de Red Hat Data Grid. La API de comparación REST podría tener una fuga de búfer y un error de memoria insuficiente al enviar solicitudes continuas con grandes cantidades de datos POST a la API REST."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/infinispan/infinispan","packageName":"infinispan","versions":[{"version":"0","lessThan":"15.0.6","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"infinispan","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Data Grid 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"infinispan","cpes":["cpe:/a:redhat:jboss_data_grid:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-31T14:31:56.854512Z","id":"CVE-2024-6875","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2024-6875","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2298555","source":"secalert@redhat.com"},{"url":"https://github.com/infinispan/infinispan/pull/12645","source":"secalert@redhat.com"},{"url":"https://github.com/infinispan/infinispan/pull/12663","source":"secalert@redhat.com"},{"url":"https://issues.redhat.com/browse/JDG-7169","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-58128","sourceIdentifier":"cve@mitre.org","published":"2025-03-28T22:15:17.197","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link."},{"lang":"es","value":"En MISP anterior a 2.4.193, los parámetros menu_custom_right_link se pueden configurar a través de la interfaz de usuario (es decir, sin utilizar la CLI) y, por lo tanto, los atacantes con privilegios de administrador pueden realizar ataques XSS a través de un enlace de menú global."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MISP","product":"MISP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.4.193","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-31T16:44:17.898916Z","id":"CVE-2024-58128","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.193","matchCriteriaId":"5377D4A2-759A-4C58-A1D0-AADD41F298D4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/33a1eb66408e16a7535b2bae48303efd9501a26a","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.193","source":"cve@mitre.org","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2024-58129","sourceIdentifier":"cve@mitre.org","published":"2025-03-28T22:15:17.333","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page."},{"lang":"es","value":"En MISP anterior a 2.4.193, los parámetros menu_custom_right_link_html se pueden configurar a través de la interfaz de usuario (es decir, sin utilizar la CLI) y, por lo tanto, los atacantes con privilegios de administrador pueden realizar ataques XSS contra cada página."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MISP","product":"MISP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.4.193","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-31T16:43:40.580744Z","id":"CVE-2024-58129","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.193","matchCriteriaId":"5377D4A2-759A-4C58-A1D0-AADD41F298D4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/09a43870e733f79ffa33753ddc7bce3cbb5a5647","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.193","source":"cve@mitre.org","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2024-58130","sourceIdentifier":"cve@mitre.org","published":"2025-03-28T22:15:17.463","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses."},{"lang":"es","value":"En app/Controller/Component/RestResponseComponent.php en MISP anterior a 2.4.193, los endpoints REST carecen de depuración para respuestas que no sean JSON."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MISP","product":"MISP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.4.193","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-31T16:42:54.092415Z","id":"CVE-2024-58130","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.193","matchCriteriaId":"5377D4A2-759A-4C58-A1D0-AADD41F298D4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.4.193","source":"cve@mitre.org","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2025-2586","sourceIdentifier":"secalert@redhat.com","published":"2025-03-31T12:15:15.073","lastModified":"2026-06-25T23:17:00.883","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability."},{"lang":"es","value":"Se detectó una falla en el servicio OpenShift Lightspeed, vulnerable a la inundación de solicitudes de API no autenticadas. Las consultas repetidas a endpoints inexistentes inflan el almacenamiento y el procesamiento de métricas, consumiendo recursos excesivos. Este problema puede provocar la degradación del sistema de monitorización, un mayor uso del disco y la posible indisponibilidad del servicio. Dado que el problema no requiere autenticación, un atacante externo puede agotar la CPU, la RAM y el espacio en disco, lo que afecta la estabilidad tanto de la aplicación como del clúster."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/openshift/lightspeed-service","packageName":"lightspeed-service","versions":[{"version":"0","lessThan":"88f9dc91856593d878b60ad9a67ffee8d4621ba5","versionType":"git","status":"affected"}]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9","cpes":["cpe:/a:redhat:openshift_lightspeed"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-31T11:57:51.203673Z","id":"CVE-2025-2586","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-2586","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353998","source":"secalert@redhat.com"},{"url":"https://github.com/openshift/lightspeed-service/pull/2369","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-2251","sourceIdentifier":"secalert@redhat.com","published":"2025-04-07T14:15:24.400","lastModified":"2026-06-26T00:16:46.420","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication."},{"lang":"es","value":"Existe una falla de seguridad en WildFly y JBoss Enterprise Application Platform (EAP) dentro del mecanismo de invocación remota de Enterprise JavaBeans (EJB). Esta vulnerabilidad se debe a la deserialización de datos no confiables gestionada por JBoss Marshalling. Esta falla permite a un atacante enviar un objeto serializado especialmente manipulado, lo que provoca la ejecución remota de código sin necesidad de autenticación."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://www.wildfly.org/","packageName":"wildfly","versions":[{"version":"0","lessThan":"36.0.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4.23","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-ejb3","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:2.16.0-21.redhat_00055.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-apache-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:3.5.10-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-artemis-native","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"1:1.0.2-5.redhat_00004.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-elytron-web","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.9.6-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-glassfish-jsf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:2.3.14-9.SP10_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:3.3.27-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:6.0.23-3.SP2_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-ironjacamar","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.5.21-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-server-migration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.10.0-42.Final_redhat_00042.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:5.4.15-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:7.4.23-3.GA_redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly-elytron","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"versions":[{"version":"0:1.15.26-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:2.16.0-21.redhat_00055.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-apache-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:3.5.10-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-artemis-native","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"1:1.0.2-5.redhat_00004.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-elytron-web","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.9.6-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-glassfish-jsf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:2.3.14-9.SP10_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:3.3.27-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:6.0.23-3.SP2_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-ironjacamar","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.5.21-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-server-migration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.10.0-42.Final_redhat_00042.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:5.4.15-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:7.4.23-3.GA_redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly-elytron","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"versions":[{"version":"0:1.15.26-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:2.16.0-21.redhat_00055.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-apache-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:3.5.10-1.redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-artemis-native","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"1:1.0.2-5.redhat_00004.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-elytron-web","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.9.6-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-glassfish-jsf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:2.3.14-9.SP10_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:3.3.27-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-hibernate-validator","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:6.0.23-3.SP2_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-ironjacamar","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.5.21-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jboss-server-migration","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.10.0-42.Final_redhat_00042.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:5.4.15-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:7.4.23-3.GA_redhat_00002.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly-elytron","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"versions":[{"version":"0:1.15.26-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0.8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"wildfly-ejb3","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.33.0-3.redhat_00017.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-beanutils","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:1.11.0-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:4.0.6-2.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-mime4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:0.8.12-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-eap-product-conf-parent","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:800.8.0-1.GA_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-elytron-web","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:4.0.3-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-fastinfoset","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.1.1-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.6.24-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:6.2.36-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-httpcomponents-asyncclient","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:4.1.5-4.redhat_00006.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-remoting","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:5.0.31-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:7.3.3-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-narayana","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:6.0.6-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-neethi","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:3.2.1-1.redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.2.21-3.redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-slf4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.0.17-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-velocity","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.3.0-4.redhat_00010.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:8.0.8-4.GA_redhat_00006.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-elytron","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"versions":[{"version":"0:2.2.11-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.33.0-3.redhat_00017.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-commons-beanutils","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:1.11.0-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:4.0.6-2.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-apache-mime4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:0.8.12-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-eap-product-conf-parent","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:800.8.0-1.GA_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-elytron-web","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:4.0.3-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-fastinfoset","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.1.1-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.6.24-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:6.2.36-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-httpcomponents-asyncclient","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:4.1.5-4.redhat_00006.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-remoting","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:5.0.31-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jbossws-cxf","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:7.3.3-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-narayana","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:6.0.6-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-neethi","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:3.2.1-1.redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.2.21-3.redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-slf4j","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.0.17-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-velocity","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.3.0-4.redhat_00010.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:8.0.8-4.GA_redhat_00006.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-elytron","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"versions":[{"version":"0:2.2.11-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"wildfly-ejb3","cpes":["cpe:/a:redhat:jbosseapxp"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-07T14:18:34.200921Z","id":"CVE-2025-2251","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:10452","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10453","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10459","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10924","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10925","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10926","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:10931","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-2251","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351678","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly/wildfly/pull/18872","source":"secalert@redhat.com"},{"url":"https://github.com/wildfly/wildfly/releases/tag/36.0.0.Final","source":"secalert@redhat.com"},{"url":"https://issues.redhat.com/browse/WFLY-20550","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2024-47829","sourceIdentifier":"security-advisories@github.com","published":"2025-04-23T16:15:29.910","lastModified":"2026-06-22T14:39:30.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0."},{"lang":"es","value":"pnpm es un gestor de paquetes. Antes de la versión 10.0.0, la función de acortamiento de rutas utilizaba la función md5 como función de compresión de acortamiento de rutas, y si se producía una colisión, se obtenía la misma ruta de almacenamiento para dos librerías diferentes. Aunque los nombres reales se encuentran bajo el nombre del paquete /node_modoules/, no hay números de versión para las librerías a las que hacen referencia. Este problema se ha corregido en la versión 10.0.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pnpm","product":"pnpm","versions":[{"version":"< 10.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-23T16:07:35.550538Z","id":"CVE-2024-47829","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionEndExcluding":"10.0.0","matchCriteriaId":"905375B7-4B04-4B7E-8269-C445D6C64250"}]}]}],"references":[{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-8cc4-rfj6-fhg4","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-31177","sourceIdentifier":"secalert@redhat.com","published":"2025-05-07T21:16:03.683","lastModified":"2026-06-26T00:16:47.200","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"gnuplot is affected by a heap buffer overflow at function utf8_copy_one."},{"lang":"es","value":"gnuplot se ve afectado por un desbordamiento de búfer de montón en la función utf8_copy_one."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://sourceforge.net/projects/gnuplot/","packageName":"gnuplot","versions":[{"version":"0","lessThan":"6.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnuplot","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-08T14:49:00.413488Z","id":"CVE-2025-31177","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnuplot:gnuplot:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"5751A6E2-6E8C-42E7-9349-ABA3262DB079"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-31177","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355342","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://sourceforge.net/p/gnuplot/bugs/2756/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-25250","sourceIdentifier":"psirt@fortinet.com","published":"2025-06-10T17:21:16.550","lastModified":"2026-06-23T13:16:36.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiSASE 25.1.c may allow an authenticated user to access full SSL-VPN settings via crafted URL."},{"lang":"es","value":"Una vulnerabilidad de exposición de información confidencial a un actor no autorizado [CWE-200] en FortiOS versión 7.6.0, versión 7.4.7 y anteriores, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones. El modo web de SSL-VPN puede permitir que un usuario autenticado acceda a la configuración completa de SSL-VPN a través de una URL manipulada."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.7","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.13","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:25.1.c:*:*:*:*:*:*:*"],"versions":[{"version":"25.1.c","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM APE1808","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-11T14:42:58.904935Z","id":"CVE-2025-25250","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.1.75:*:*:*:-:*:*:*","matchCriteriaId":"ABDA3F6A-4983-404C-BAEF-9D86C635E722"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.8","matchCriteriaId":"2B680FFD-D548-4E53-877F-71E72C99E25E"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"44CE8EE3-D64A-49C8-87D7-C18B302F864A"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-257","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-864900.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-6965","sourceIdentifier":"cve-coordination@google.com","published":"2025-07-15T14:15:31.080","lastModified":"2026-06-26T16:36:04.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."},{"lang":"es","value":"Existe una vulnerabilidad en las versiones de SQLite anteriores a la 3.50.2 donde el número de términos agregados podría exceder el número de columnas disponibles. Esto podría causar un problema de corrupción de memoria. Recomendamos actualizar a la versión 3.50.2 o superior."}],"affected":[{"source":"cve-coordination@google.com","affectedData":[{"vendor":"SQLite","product":"SQLite","defaultStatus":"unaffected","collectionURL":"https://www.sqlite.org/src","packageName":"expr.c","programFiles":["expr.c"],"versions":[{"version":"0","lessThan":"3.50.2","versionType":"semver","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM CROSSBOW Station Access Controller (SAC)","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V5.8","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIDIS Prime","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V4.0.800","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T00:00:00+00:00","id":"CVE-2025-6965","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-197"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*","versionEndExcluding":"3.50.2","matchCriteriaId":"C1739DFA-8AEF-4CDE-9CB8-A1B601EA6FDB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.0","matchCriteriaId":"AC9B51FF-EC89-40F2-85EE-8A66985A243D"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.0","matchCriteriaId":"A44CDF02-677F-4272-A3A8-EC5D469C9996"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.0","matchCriteriaId":"8ED3076A-FC9B-42FD-9CAE-7A9DE08F4916"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.0","matchCriteriaId":"1CF81537-0CA3-4123-90C1-D3C93DDB71DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.0","matchCriteriaId":"91991A25-BEC6-4BCE-ADB1-A24F58C0CEAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"26.0.0","matchCriteriaId":"60663EF6-4AD2-4636-B7A3-0EE61CF77FA2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:ruggedcom_crossbow:*:*:*:*:*:*:*:*","versionEndExcluding":"5.8","matchCriteriaId":"4350B5FC-5388-4C1A-B34A-B70CF55943D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sidis_prime:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.800","matchCriteriaId":"70C837EA-DC9E-4337-9988-33A3FFACEB32"}]}]}],"references":[{"url":"https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8","source":"cve-coordination@google.com","tags":["Patch"]},{"url":"http://seclists.org/fulldisclosure/2025/Sep/49","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2025/Sep/53","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2025/Sep/56","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2025/Sep/57","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2025/Sep/58","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/09/06/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-225816.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-485750.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-7962","sourceIdentifier":"emo@eclipse.org","published":"2025-07-21T18:15:28.820","lastModified":"2026-06-23T12:16:24.730","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Jakarta Mail versions prior to 2.0.2 it is possible to perform an SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages."},{"lang":"es","value":"En Jakarta Mail 2.2 es posible realizar una inyección SMTP utilizando los caracteres UTF-8 \\r y \\n para separar diferentes mensajes."}],"affected":[{"source":"emo@eclipse.org","affectedData":[{"vendor":"Eclipse Foundation","product":"Jakarta Mail","defaultStatus":"unaffected","versions":[{"version":"1.6.8","status":"unaffected"},{"version":"2.0.2","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-07-21T17:41:32.809192Z","id":"CVE-2025-7962","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-147"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jakarta_mail:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.8","matchCriteriaId":"FEFEC483-5208-40D2-A3E0-81409A54D3FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:jakarta_mail:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.2","matchCriteriaId":"2DA37DAA-95B2-471A-93E8-2B9459368A44"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:angus_mail:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.4","matchCriteriaId":"121CB7D5-14DE-4DB8-81C3-C574905C53F8"}]}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/67","source":"emo@eclipse.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/09/03/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-7195","sourceIdentifier":"secalert@redhat.com","published":"2025-08-07T19:15:29.367","lastModified":"2026-06-26T00:16:49.237","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. \n\nIn affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"operator-framework","product":"operator-sdk","defaultStatus":"unaffected","collectionURL":"https://github.com/operator-framework/operator-sdk","packageName":"operator-sdk","versions":[{"version":"0","lessThan":"0.15.2","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"RHEL-9-CNV-4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"container-native-virtualization/cluster-network-addons-operator-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4.17::el9"],"versions":[{"version":"v4.17.39-2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHEL-9-CNV-4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"container-native-virtualization/cluster-network-addons-operator-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4.18::el9"],"versions":[{"version":"v4.18.25-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"RHEL-9-CNV-4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"container-native-virtualization/cluster-network-addons-operator-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4.20::el9"],"versions":[{"version":"v4.20.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/addon-manager-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"v2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/clusterlifecycle-state-metrics-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"v2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/discovery-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"v2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/placement-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"v2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-operator-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"v2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"v2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/work-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"v2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/addon-manager-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/clusterlifecycle-state-metrics-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/discovery-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/managedcluster-import-controller-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/placement-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-operator-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/work-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/addon-manager-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/clusterlifecycle-state-metrics-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/discovery-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/managedcluster-import-controller-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/placement-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-operator-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/work-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"v2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/addon-manager-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1765872406","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/clusterlifecycle-state-metrics-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1766360304","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/discovery-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1765669648","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/managedcluster-import-controller-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1765866268","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/placement-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1765872399","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-operator-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1765872402","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1765872398","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/work-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1765872400","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/addon-manager-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/clusterlifecycle-state-metrics-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/discovery-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/managedcluster-import-controller-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/placement-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-operator-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/registration-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/work-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"v2.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift Compliance Operator 1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"compliance/openshift-compliance-rhel8-operator","cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"],"versions":[{"version":"1.8.0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift Compliance Operator 1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"compliance/openshift-compliance-rhel8-operator","cpes":["cpe:/a:redhat:openshift_compliance_operator:1::el9"],"versions":[{"version":"1768172669","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift File Integrity Operator - FIO 1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"compliance/openshift-file-integrity-rhel8-operator","cpes":["cpe:/a:redhat:openshift_file_integrity_operator:1::el9"],"versions":[{"version":"v1.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/klusterlet-addon-controller-rhel9","cpes":["cpe:/a:redhat:acm:2.11::el9"],"versions":[{"version":"v2.11","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-application-rhel9","cpes":["cpe:/a:redhat:acm:2.11::el9"],"versions":[{"version":"v2.11","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-channel-rhel9","cpes":["cpe:/a:redhat:acm:2.11::el9"],"versions":[{"version":"v2.11","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-subscription-rhel9","cpes":["cpe:/a:redhat:acm:2.11::el9"],"versions":[{"version":"v2.11","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-cluster-permission-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"v2.12","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/klusterlet-addon-controller-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"v2.12","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicloud-integrations-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"v2.12","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-application-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"v2.12","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-channel-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"v2.12","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-subscription-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"v2.12","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/klusterlet-addon-controller-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"v2.12","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-cluster-permission-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"1773285089","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicloud-integrations-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"1773259164","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-application-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"1773259182","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-channel-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"1773358651","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-subscription-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"1773090513","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-cluster-permission-rhel9","cpes":["cpe:/a:redhat:acm:2.13::el9"],"versions":[{"version":"1767569821","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/klusterlet-addon-controller-rhel9","cpes":["cpe:/a:redhat:acm:2.13::el9"],"versions":[{"version":"1767829032","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-cluster-permission-rhel9","cpes":["cpe:/a:redhat:acm:2.13::el9"],"versions":[{"version":"1767569821","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/cluster-backup-rhel9-operator","cpes":["cpe:/a:redhat:acm:2.13::el9"],"versions":[{"version":"1767656229","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/klusterlet-addon-controller-rhel9","cpes":["cpe:/a:redhat:acm:2.13::el9"],"versions":[{"version":"1767829032","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-cluster-permission-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"v2.14","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/klusterlet-addon-controller-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"v2.14","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicloud-integrations-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"v2.14","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-application-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"v2.14","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-channel-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"v2.14","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-subscription-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"v2.14","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicloud-integrations-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"1769720041","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-application-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"1770343757","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-channel-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"1769721579","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/multicluster-operators-subscription-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"1770336554","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178221","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178236","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178273","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178715","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178261","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178354","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178419","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178768","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178319","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178386","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178406","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178615","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178379","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178329","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178423","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764178419","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"],"versions":[{"version":"v4.14-1764215448","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176261","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176342","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176372","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176892","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176485","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176698","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176699","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176675","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764177101","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176690","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764221806","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764222436","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764177174","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764177033","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764176958","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764177101","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764177020","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"],"versions":[{"version":"v4.15-1764177029","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764168955","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169118","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169242","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169544","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169347","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169479","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169526","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169464","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169687","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169457","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169527","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169577","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169730","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169598","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169623","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764169710","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764170019","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"v4.16-1764170021","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764167834","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764167795","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764167826","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764167876","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168179","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764167987","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168476","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168475","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168431","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168662","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168475","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168536","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168609","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168731","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168699","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764168859","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764169063","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764169125","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"v4.17-1764169222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854289","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854280","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854280","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854319","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761855549","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854321","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854422","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854430","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854457","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854484","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854398","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854494","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854493","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854504","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854489","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761855467","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761854524","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1762335558","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"v4.18-1761855234","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/addon-manager-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/clusterlifecycle-state-metrics-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/discovery-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/hypershift-addon-rhel8-operator","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/hypershift-addon-rhel9-operator","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/managedcluster-import-controller-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/placement-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/registration-operator-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/registration-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/work-rhel8","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Global Hub","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-globalhub/multicluster-globalhub-agent-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub"]},{"vendor":"Red Hat","product":"Multicluster Global Hub","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-globalhub/multicluster-globalhub-manager-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub"]},{"vendor":"Red Hat","product":"Multicluster Global Hub","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-globalhub/multicluster-globalhub-rhel9-operator","cpes":["cpe:/a:redhat:multicluster_globalhub"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/acm-cluster-permission-rhel8","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/acm-governance-policy-framework-addon-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/cert-policy-controller-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/config-policy-controller-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/endpoint-monitoring-rhel9-operator","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/governance-policy-propagator-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/grafana-dashboard-loader-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/iam-policy-controller-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/klusterlet-addon-controller-rhel8","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/metrics-collector-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/multicloud-integrations-rhel8","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/multicluster-observability-rhel9-operator","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/multicluster-operators-application-rhel8","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/multicluster-operators-channel-rhel8","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/rbac-query-proxy-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/search-collector-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-rhel8-operator","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"apicurio/apicurio-registry-rhel8-operator","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"apicurio/apicurio-registry-rhel8-operator","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"fuse7/fuse-apicurito-rhel8-operator","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compliance/openshift-compliance-rhel8-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/cnf-tests-rhel8","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/cnf-tests-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/lifecycle-agent-operator-bundle","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/topology-aware-lifecycle-manager-operator-bundle","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ztp-site-generate-rhel8","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/cluster-network-addons-operator-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Web Terminal","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"web-terminal/web-terminal-exec-rhel9","cpes":["cpe:/a:redhat:webterminal:1"]},{"vendor":"Red Hat","product":"Red Hat Web Terminal","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"web-terminal/web-terminal-rhel9-operator","cpes":["cpe:/a:redhat:webterminal:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-07T19:23:11.314765Z","id":"CVE-2025-7195","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://access.redhat.com/errata/RHEA-2025:23406","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHEA-2025:23478","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHEA-2026:0129","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19332","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19335","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19958","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:19961","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21368","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21885","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:22415","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:22416","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:22418","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:22420","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:22683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:22684","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23528","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23529","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23542","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0627","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0718","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0722","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0737","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:2572","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:5633","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-7195","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376300","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-11226","sourceIdentifier":"vulnerability@ncsc.ch","published":"2025-10-01T08:15:31.250","lastModified":"2026-06-25T17:16:37.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ACE vulnerability in conditional configuration file processing  by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\n\n\n\nA successful attack requires the presence of Janino library and Spring Framework to be present on the user's class path. In addition, the attacker must  have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege."}],"affected":[{"source":"vulnerability@ncsc.ch","affectedData":[{"vendor":"QOS.CH Sarl","product":"Logback-core","defaultStatus":"affected","modules":["logback-core"],"platforms":["Java"],"versions":[{"version":"0.9.20","lessThanOrEqual":"1.5.18","versionType":"maven","status":"affected"},{"version":"1.5.19","status":"unaffected"},{"version":"1.3.16","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:X/RE:M/U:Green","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"NO","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T16:04:36.111603Z","id":"CVE-2025-11226","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://logback.qos.ch/news.html#1.3.16","source":"vulnerability@ncsc.ch"},{"url":"https://logback.qos.ch/news.html#1.5.19","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2025-64307","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2025-11-15T00:15:47.700","lastModified":"2026-06-25T23:17:02.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Brightpick AI","product":"Brightpick Mission Control / Internal Logic Control","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.67.0","versionType":"custom","status":"affected"},{"version":"1.67.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-11-17T16:51:23.443518Z","id":"CVE-2025-64307","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://brightpick.ai/contact-us/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2025-64308","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2025-11-15T00:15:47.893","lastModified":"2026-06-25T23:17:02.227","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Brightpick AI","product":"Brightpick Mission Control / Internal Logic Control","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.67.0","versionType":"custom","status":"affected"},{"version":"1.67.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-11-17T16:58:27.359339Z","id":"CVE-2025-64308","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-523"}]}],"references":[{"url":"https://brightpick.ai/contact-us/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2025-64309","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2025-11-15T00:15:48.080","lastModified":"2026-06-25T23:17:02.363","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The affected product discloses device telemetry, configuration, and sensitive information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Brightpick AI","product":"Brightpick Mission Control / Internal Logic Control","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.67.0","versionType":"custom","status":"affected"},{"version":"1.67.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-11-17T18:54:14.035386Z","id":"CVE-2025-64309","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-523"}]}],"references":[{"url":"https://brightpick.ai/contact-us/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2025-54821","sourceIdentifier":"psirt@fortinet.com","published":"2025-11-18T17:16:03.490","lastModified":"2026-06-23T13:16:38.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.11, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSASE 25.2.91 may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiPAM","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.6.0","status":"affected"},{"version":"1.5.0","lessThanOrEqual":"1.5.1","versionType":"semver","status":"affected"},{"version":"1.4.0","lessThanOrEqual":"1.4.3","versionType":"semver","status":"affected"},{"version":"1.3.0","lessThanOrEqual":"1.3.1","versionType":"semver","status":"affected"},{"version":"1.2.0","status":"affected"},{"version":"1.1.0","lessThanOrEqual":"1.1.2","versionType":"semver","status":"affected"},{"version":"1.0.0","lessThanOrEqual":"1.0.3","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:25.2.91:*:*:*:*:*:*:*"],"versions":[{"version":"25.2.91","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.3","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.11","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.13","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.16","versionType":"semver","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM APE1808","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-11-18T20:04:52.328701Z","id":"CVE-2025-54821","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.6.4","matchCriteriaId":"4DA70753-E996-4081-9C13-7F60AC993B09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.6.1","matchCriteriaId":"EB0F5A7C-02C2-4D67-92BC-15380F86A373"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.6.4","matchCriteriaId":"A70BE83D-8851-47DB-9360-B5B2E7CAE1ED"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-545","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-864900.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-65955","sourceIdentifier":"security-advisories@github.com","published":"2025-12-02T23:15:45.603","lastModified":"2026-06-23T17:16:39.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","versions":[{"version":">= 7.0.1-0, < 7.1.2-9","status":"affected"},{"version":"< 6.9.13-34","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-12-03T14:55:39.239086Z","id":"CVE-2025-65955","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-34","matchCriteriaId":"2863112C-36DC-40B6-A685-D077750AA883"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-9","matchCriteriaId":"4952FECC-087D-40B6-93F0-8E66CC53B89C"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/6f81eb15f822ad86e8255be75efad6f9762c32f8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-67906","sourceIdentifier":"cve@mitre.org","published":"2025-12-15T04:15:37.110","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MISP","product":"MISP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.5.28","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-12-15T16:04:07.901652Z","id":"CVE-2025-67906","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.28","matchCriteriaId":"2071A715-5BB8-4BB4-A6C1-3352AFA6E5EF"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/1f39deb572da7ecb5855e30ff3cc8cbcaa0c1054","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/compare/v2.5.27...v2.5.28","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://github.com/franckferman/CVE-2025-67906","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/franckferman/GCVE-1-2025-0030","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://vulnerability.circl.lu/vuln/gcve-1-2025-0031","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/franckferman/CVE-2025-67906","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-11393","sourceIdentifier":"secalert@redhat.com","published":"2025-12-15T17:15:51.870","lastModified":"2026-06-26T00:16:45.943","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle.\n\nThis allows a standard user within the cluster to send unauthorized commands to the management platform, effectively acting with the full permissions of the cluster administrator. This could lead to unauthorized changes to the cluster's configuration or status on the Red Hat platform."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Lightspeed (formerly Insights) for Runtimes 1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator","cpes":["cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"],"versions":[{"version":"1.0.0-1765483112","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Runtimes Inventory Operator","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator","cpes":["cpe:/a:redhat:insights-runtimes:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-12-15T18:06:14.762878Z","id":"CVE-2025-11393","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-441"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:23236","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-11393","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402032","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2025-69262","sourceIdentifier":"security-advisories@github.com","published":"2026-01-07T23:15:50.330","lastModified":"2026-06-22T14:39:11.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pnpm","product":"pnpm","versions":[{"version":">=6.25.0, < 10.27.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-09T04:55:30.635263Z","id":"CVE-2025-69262","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*","versionStartIncluding":"6.25.0","versionEndExcluding":"10.27.0","matchCriteriaId":"57A10E50-1C0A-4C99-BB76-AD06799DB37B"}]}]}],"references":[{"url":"https://github.com/pnpm/pnpm/releases/tag/v10.27.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-2phv-j68v-wwqx","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/pnpm/pnpm/security/advisories/GHSA-2phv-j68v-wwqx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-70974","sourceIdentifier":"cve@mitre.org","published":"2026-01-09T07:16:02.677","lastModified":"2026-06-27T05:16:41.227","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845."},{"lang":"es","value":"Fastjson anterior a 1.2.48 maneja incorrectamente autoType porque, cuando una clave @type está en un documento JSON y el valor de esa clave es el nombre de una clase Java, puede haber llamadas a ciertos métodos públicos de esa clase. Dependiendo del comportamiento de esos métodos, puede haber inyección JNDI con una carga útil proporcionada por el atacante ubicada en otra parte de ese documento JSON. Esto fue explotado en la naturaleza entre 2023 y 2025. NOTA: este problema existe debido a una corrección incompleta para CVE-2017-18349. Además, una omisión posterior está cubierta por CVE-2022-25845."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"Alibaba","product":"Fastjson","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.2.48","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"OpenShift Service Mesh 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:service_mesh:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel for Spring Boot 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:camel_spring_boot:4"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:debezium:2"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-09T21:37:04.264336Z","id":"CVE-2025-70974","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-829"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://cert.360.cn/warning/detail?id=7240aeab581c6dc2c9c5350756079955","source":"cve@mitre.org"},{"url":"https://github.com/alibaba/fastjson/compare/1.2.47...1.2.48","source":"cve@mitre.org"},{"url":"https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.47-rce","source":"cve@mitre.org"},{"url":"https://www.cloudsek.com/blog/androxgh0st-continues-exploitation-operators-compromise-a-us-university-for-hosting-c2-logger","source":"cve@mitre.org"},{"url":"https://www.cnvd.org.cn/flaw/show/CNVD-2019-22238","source":"cve@mitre.org"},{"url":"https://www.freebuf.com/vuls/208339.html","source":"cve@mitre.org"},{"url":"https://www.seebug.org/vuldb/ssvid-98020","source":"cve@mitre.org"},{"url":"https://access.redhat.com/security/cve/CVE-2025-70974","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70974.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2025-61686","sourceIdentifier":"security-advisories@github.com","published":"2026-01-10T03:15:48.283","lastModified":"2026-06-27T05:16:40.930","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files. Read files cannot be returned directly to the attacker. Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information. This issue has been patched in @react-router/node version 7.9.4, @remix-run/deno version 2.17.2, and @remix-run/node version 2.17.2."},{"lang":"es","value":"React Router es un router para React. En las versiones de @react-router/node 7.0.0 a 7.9.3, @remix-run/deno anteriores a la versión 2.17.2, y @remix-run/node anteriores a la versión 2.17.2, si se utiliza createFileSessionStorage() de @react-router/node (o @remix-run/node/@remix-run/deno en Remix v2) con una cookie sin firmar, es posible que un atacante haga que la sesión intente leer/escribir desde una ubicación fuera del directorio de archivos de sesión especificado. El éxito del ataque dependería de los permisos del proceso del servidor web para acceder a esos archivos. Los archivos leídos no pueden ser devueltos directamente al atacante. Las lecturas de archivos de sesión solo tendrían éxito si el archivo coincidiera con el formato de archivo de sesión esperado. Si el archivo coincidiera con el formato de archivo de sesión, los datos se poblarían en la sesión del lado del servidor pero no se devolverían directamente al atacante a menos que la lógica de la aplicación devolviera información específica de la sesión. Este problema ha sido parcheado en la versión 7.9.4 de @react-router/node, la versión 2.17.2 de @remix-run/deno y la versión 2.17.2 de @remix-run/node."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"remix-run","product":"react-router","versions":[{"version":"@react-router/node >= 7.0.0, < 7.9.4","status":"affected"},{"version":"@remix-run/deno < 2.17.2","status":"affected"},{"version":"@remix-run/node < 2.17.2","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Gatekeeper 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:gatekeeper:3"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:migration_toolkit_applications:7"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Network Observability Operator","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:network_observ_optr:1"]},{"vendor":"Red Hat","product":"Node HealthCheck Operator","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:workload_availability_nhc:0"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:service_mesh:2"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel - HawtIO 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:apache_camel_hawtio:4"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat Build of Kueue","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:kueue_operator:1"]},{"vendor":"Red Hat","product":"Red Hat build of OptaPlanner 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:optaplanner:::el6"]},{"vendor":"Red Hat","product":"Red Hat Connectivity Link 1","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:connectivity_link:1"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:rhdh:1"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Edge Manager 1","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:edge_manager:1"]},{"vendor":"Red Hat","product":"Red Hat Edge Manager preview","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:edge_manager:0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Profile Analyzer","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:trusted_profile_analyzer:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-12T13:58:36.773708Z","id":"CVE-2025-61686","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shopify:react-router\\/node:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.9.4","matchCriteriaId":"1E0C856C-476D-482F-8047-7F4D5F0B4204"},{"vulnerable":true,"criteria":"cpe:2.3:a:shopify:remix-run\\/deno:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.17.2","matchCriteriaId":"B47283CD-6965-448D-98CA-2A1BEED89A74"},{"vulnerable":true,"criteria":"cpe:2.3:a:shopify:remix-run\\/node:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.17.2","matchCriteriaId":"C506FB64-B70B-40CF-8A14-C7BA394D1814"}]}]}],"references":[{"url":"https://github.com/remix-run/react-router/security/advisories/GHSA-9583-h5hc-x8cw","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-61686","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428423","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61686.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20750","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-01-22T22:16:17.370","lastModified":"2026-06-27T05:16:42.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization."},{"lang":"es","value":"Gitea no valida correctamente la titularidad de los proyectos en las operaciones de proyectos de la organización. Un usuario con permisos de escritura en proyectos de una organización podría modificar proyectos pertenecientes a una organización diferente."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.25.3","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-23T21:12:12.632348Z","id":"CVE-2026-20750","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*","versionEndExcluding":"1.25.4","matchCriteriaId":"DFCB7D74-331D-4582-AB41-113A25BE8FAA"}]}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/pull/36318","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/pull/36373","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.4","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-h4fh-pc4w-8w27","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Broken Link"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-20750","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-20750.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20897","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-01-22T22:16:18.960","lastModified":"2026-06-27T05:16:42.573","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories."},{"lang":"es","value":"Gitea no valida correctamente la propiedad del repositorio al eliminar bloqueos de Git LFS. Un usuario con acceso de escritura a un repositorio podría eliminar bloqueos LFS pertenecientes a otros repositorios."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.25.3","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-23T17:56:55.236953Z","id":"CVE-2026-20897","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*","versionEndExcluding":"1.25.4","matchCriteriaId":"DFCB7D74-331D-4582-AB41-113A25BE8FAA"}]}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/pull/36344","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/pull/36349","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.4","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-rrq5-r9h5-pc7c","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Broken Link"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-20897","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432204","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-20897.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20912","sourceIdentifier":"88ee5874-cf24-4952-aea0-31affedb7ff2","published":"2026-01-22T22:16:19.297","lastModified":"2026-06-27T05:16:42.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users."},{"lang":"es","value":"Gitea no valida correctamente la propiedad del repositorio al vincular adjuntos a las versiones. Un adjunto subido a un repositorio privado podría vincularse potencialmente a una versión en un repositorio público diferente, haciéndolo accesible a usuarios no autorizados."}],"affected":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","affectedData":[{"vendor":"Gitea","product":"Gitea Open Source Git Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.25.3","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-23T17:51:12.073308Z","id":"CVE-2026-20912","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"88ee5874-cf24-4952-aea0-31affedb7ff2","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-283"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*","versionEndExcluding":"1.25.4","matchCriteriaId":"DFCB7D74-331D-4582-AB41-113A25BE8FAA"}]}]}],"references":[{"url":"https://blog.gitea.com/release-of-1.25.4/","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/pull/36320","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/pull/36355","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/go-gitea/gitea/releases/tag/v1.25.4","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Release Notes"]},{"url":"https://github.com/go-gitea/gitea/security/advisories/GHSA-vfmv-f93v-37mw","source":"88ee5874-cf24-4952-aea0-31affedb7ff2","tags":["Broken Link"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-20912","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432219","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-20912.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-21509","sourceIdentifier":"secure@microsoft.com","published":"2026-01-26T18:16:38.540","lastModified":"2026-06-25T05:16:53.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally."},{"lang":"es","value":"Dependencia de entradas no confiables en una decisión de seguridad en Microsoft Office permite a un atacante no autorizado eludir una característica de seguridad localmente."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Apps for Enterprise","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2016","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5539.1001","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2019","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"19.0.0","lessThan":"16.0.10417.20095","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2021","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2024","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-26T00:00:00+00:00","id":"CVE-2026-21509","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-01-26","cisaActionDue":"2026-02-16","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Microsoft Office Security Feature Bypass Vulnerability","weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-807"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*","matchCriteriaId":"72324216-4EB3-4243-A007-FEF3133C7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*","matchCriteriaId":"0FBB0E61-7997-4F26-9C07-54912D3F1C10"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*","matchCriteriaId":"CF5DDD09-902E-4881-98D0-CB896333B4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*","matchCriteriaId":"26A3B226-5D7C-4556-9350-5222DC8EFC2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*","matchCriteriaId":"851BAC4E-9965-4F40-9A6C-B73D9004F4C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*","matchCriteriaId":"23B2FA23-76F4-4D83-A718-B8D04D7EA37B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*","matchCriteriaId":"D31E509A-0B2E-4B41-88C4-0099E800AFE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*","matchCriteriaId":"017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://www.vicarius.io/vsociety/posts/cve-2026-21509-detection-script-microsoft-office-security-feature-bypass-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.vicarius.io/vsociety/posts/cve-2026-21509-mitigation-script-microsoft-office-security-feature-bypass-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21509","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-25521","sourceIdentifier":"security-advisories@github.com","published":"2026-02-04T22:15:59.203","lastModified":"2026-06-27T05:16:43.140","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using String.prototype. This issue has been patched in version 2.0.39."},{"lang":"es","value":"Locutus incorpora librerías estándar de otros lenguajes de programación a JavaScript con fines educativos. En las versiones desde la 2.0.12 hasta antes de la 2.0.39, existe una vulnerabilidad de contaminación de prototipos en Locutus. A pesar de una corrección anterior que intentó mitigar la contaminación de prototipos verificando si la entrada del usuario contenía una clave prohibida, todavía es posible contaminar Object.prototype mediante una entrada manipulada utilizando String.prototype. Este problema ha sido corregido en la versión 2.0.39."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"locutusjs","product":"locutus","versions":[{"version":">= 2.0.12, < 2.0.39","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:logging:5"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-05T14:23:07.184247Z","id":"CVE-2026-25521","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:locutus:locutus:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.12","versionEndExcluding":"2.0.39","matchCriteriaId":"F90DC302-09EA-4098-98B1-8B553D0A7C9E"}]}]}],"references":[{"url":"https://github.com/locutusjs/locutus/commit/042af9ca7fde2ff599120783e720a17f335bb01c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/locutusjs/locutus/security/advisories/GHSA-rxrv-835q-v5mh","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-25521","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436950","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25521.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-1709","sourceIdentifier":"secalert@redhat.com","published":"2026-02-06T20:16:09.193","lastModified":"2026-06-27T05:16:42.140","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate."},{"lang":"es","value":"Se encontró un defecto en Keylime. El registrador de Keylime, desde la versión 7.12.0, no exige la autenticación de Transport Layer Security (TLS) del lado del cliente. Esta vulnerabilidad de omisión de autenticación permite a clientes no autenticados con acceso a la red realizar operaciones administrativas, incluyendo listar agentes, recuperar datos públicos de Trusted Platform Module (TPM) y eliminar agentes, al conectarse sin presentar un certificado de cliente."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keylime","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"versions":[{"version":"0:7.12.1-11.el10_1.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keylime","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:7.12.1-2.el10_0.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keylime","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:7.12.1-11.el9_7.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-06T19:38:04.458253Z","id":"CVE-2026-1709","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-322"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-322"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*","matchCriteriaId":"34990D09-125F-48CA-B85E-9D9F0EB4BC07"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"39DBA47B-96D0-4EF3-A653-193B6BDCD795"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*","matchCriteriaId":"15C78B63-6947-4580-BA46-8418C5FB10B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"8492E227-C09E-4F51-8EAF-0F7BCCD41A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"6D8456B7-F13F-4E74-B610-F1301B738A6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"1FABD546-0E45-4A65-A2E5-50EC62B852E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"189D490B-E674-4957-BD84-B0615A06FBF7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*","versionEndExcluding":"7.12.0","matchCriteriaId":"ACE3AA5F-45C3-4431-A917-7F9AC642C6BF"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:2224","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2225","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2298","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-1709","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435514","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2224","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2225","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2298","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-1709","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435514","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1709.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2025-9953","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-02-19T12:16:15.707","lastModified":"2026-06-25T13:16:31.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection.\n\nThis issue affects Databank Accreditation Software: before 2026/04."},{"lang":"es","value":"Omisión de autorización a través de una vulnerabilidad de clave primaria SQL controlada por el usuario en el Software de Acreditación Databank de DATABASE Software Training Consulting Ltd. permite la inyección SQL. Este problema afecta al Software de Acreditación Databank: hasta el 19022026.\n\nNOTA: El proveedor fue contactado temprano sobre esta divulgación pero no respondió de ninguna manera."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"DATABASE Software Training Consulting Ltd.","product":"Databank Accreditation Software","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026/04","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-20T20:26:51.574524Z","id":"CVE-2025-9953","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-566"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0078","source":"iletisim@usom.gov.tr"},{"url":"https://www.usom.gov.tr/bildirim/tr-26-0078","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-25968","sourceIdentifier":"security-advisories@github.com","published":"2026-02-24T02:16:01.647","lastModified":"2026-06-23T17:16:42.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch."},{"lang":"es","value":"ImageMagick es un software libre y de código abierto utilizado para editar y manipular imágenes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, ocurre un desbordamiento de búfer de pila al procesar un atributo en msl.c. Un valor largo desborda un búfer de pila de tamaño fijo, lo que lleva a la corrupción de memoria. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","versions":[{"version":">= 7.0.0, < 7.1.2-15","status":"affected"},{"version":"< 6.9.13-40","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-26T21:03:09.507203Z","id":"CVE-2026-25968","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-40","matchCriteriaId":"C6F44A65-1733-4752-AAD0-BCCC7BDBC877"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-15","matchCriteriaId":"6AFFD439-1068-4B6F-AE01-724AC62CDCEA"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-25969","sourceIdentifier":"security-advisories@github.com","published":"2026-02-24T02:16:01.807","lastModified":"2026-06-23T17:16:42.963","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure.  However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch."},{"lang":"es","value":"ImageMagick es un software libre y de código abierto utilizado para editar y manipular imágenes digitales. Antes de la versión 7.1.2-15, existe una fuga de memoria en `coders/ashlar.c`. La `WriteASHLARImage` asigna una estructura. Sin embargo, cuando se lanza una excepción, la memoria asignada no se libera correctamente, lo que resulta en una posible fuga de memoria. La versión 7.1.2-15 contiene un parche."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","versions":[{"version":"< 7.1.2-15","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-26T21:02:52.426264Z","id":"CVE-2026-25969","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.2-15","matchCriteriaId":"B89F5759-9F8D-4C89-8D35-0FCE2AE715A4"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-27595","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T03:16:04.437","lastModified":"2026-06-26T17:00:06.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Server database using the master key. The agent feature is opt-in; dashboards without an agent config are not affected. The fix in version 9.0.0-alpha.8 adds authentication, CSRF validation, and per-app authorization middleware to the agent endpoint. Read-only users are restricted to the `readOnlyMasterKey` with write permissions stripped server-side. A cache key collision between master key and read-only master key was also corrected. As a workaround, remove or comment out the agent configuration block from your Parse Dashboard configuration."},{"lang":"es","value":"Parse Dashboard es un panel de control independiente para gestionar aplicaciones de Parse Server. En las versiones 7.3.0-alpha.42 hasta la 9.0.0-alpha.7, el endpoint de la API del Agente de IA (POST `/apps/:appId/agent`) tiene múltiples vulnerabilidades de seguridad que, cuando se encadenan, permiten a atacantes remotos no autenticados realizar operaciones arbitrarias de lectura y escritura contra cualquier base de datos de Parse Server conectada utilizando la clave maestra. La característica del agente es opcional; los paneles de control sin una configuración de agente no se ven afectados. La corrección en la versión 9.0.0-alpha.8 añade autenticación, validación de CSRF y middleware de autorización por aplicación al endpoint del agente. Los usuarios de solo lectura están restringidos a la `readOnlyMasterKey` con los permisos de escritura eliminados en el lado del servidor. También se corrigió una colisión de clave de caché entre la clave maestra y la clave maestra de solo lectura. Como solución alternativa, elimine o comente el bloque de configuración del agente de su configuración de Parse Dashboard."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"parse-community","product":"parse-dashboard","versions":[{"version":">= 7.3.0-alpha.42, < 9.0.0-alpha.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-27T17:13:57.501003Z","id":"CVE-2026-27595","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"07E54A25-BB5E-4E4F-B3EC-0B9979CC067D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"C8E605D1-F9FB-4AB4-9FFA-211F01496FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha44:*:*:*:node.js:*:*","matchCriteriaId":"0E68DA89-5409-4F06-A69A-7C4672D10521"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"F41426EE-2CD5-4E74-A4D0-1B3BA49A9481"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"97BF4F76-319D-4DE8-A6E4-A8F08D384C59"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"83A19B88-2B7B-4C19-ABC9-AB01574608D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"B96B7FF8-7BF6-48B8-9887-EA7D9327DF35"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"014B82A6-F7D9-4B05-8D36-31781D177D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"E6B6F40D-5FD8-4EF9-9AE9-DCA471C5CAFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"04966183-2013-4AC5-95C0-C3536AE97D3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"00572EFD-7E41-42D9-8412-0C25F9AAABE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"E444707A-C905-485C-8CDB-AE3B8780C56A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"49327FD3-E9B0-4245-8126-EF44DDE6EB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F068BEBE-FF4F-45BA-A3ED-C1A4E6ACA2FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"819B012F-E02A-4E7E-8935-F534270F8A80"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"25C0D991-B416-4BC1-882A-61FFB3E815CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"44D86A4C-7105-42BE-82B3-15736D0C7164"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"8EFB3F3E-4F2F-4975-8B5D-CC6E17489386"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"BADD19AE-F281-4222-B7BE-535EC4045F4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"EB952B96-D2A1-4706-8054-C3DB72388E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"B867C0D1-DB8B-44E9-B147-F92A74BF0B98"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"5AE07136-83B7-4DE5-9F90-3C3B11E0AF78"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"5EA360CA-BFAB-4CDE-AD59-CC10F5D0601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0471F4A9-2DF0-429E-86BA-267F8DA92319"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"74421939-B72D-41DA-A276-2137C8D87A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"620A6F14-7697-4B03-A116-6E54DD6DD806"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"6959259A-2208-42B9-8FD4-65BB60F8A355"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F1E70933-B30D-493C-A8BA-20FA873E3AFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"59953623-4467-4BF8-916D-7FAF85E7B112"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"006F6095-1A9A-4418-B7A3-9040823B6D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A7902611-FAC7-43A6-A86A-0B6D232EE3F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"ACC8F371-7DA0-4269-9080-3CCEF0F193FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"E7835681-3581-4834-B6F1-0F48CD5231F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"4760B32F-6943-4BC6-9893-ECE12839291D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F1598567-50D0-4D26-9B60-6067E8070D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"02CDB7B1-5CD7-402D-ACDA-CFD5DCCA1455"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4E461A18-5EB0-4E9E-9670-82B2ABF568F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"794EE02E-6D86-4E4D-9F00-443BFFB78C54"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"6120C309-768A-4477-BF34-0AD21A104A19"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"4314A7D2-5CA8-4081-BF2B-88A7175B14FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A222119F-5962-49E2-94B5-C3BBC8B19584"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"7F8A9B5B-A1CE-4C86-A031-E638FDEAFE8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"D5365B15-3725-4E8B-A0BA-2D4513706AEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CEE8CA47-2A8A-44F4-8ABC-C899DA12A49C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"B4065C00-6E46-4B19-B32F-9A485EF9AAB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"E6A9E323-7A79-4068-A596-826DB8393273"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F07743D3-82D8-425E-918E-D689DFF5B456"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"77DE8253-E642-4247-8AD7-444C658C11B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"45558A90-0C09-485F-BC7A-DC7403AADA9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"147EA8FF-8CCD-442C-A9AF-B3B413AC08AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"DE95BEF0-E579-4EAF-BC5D-49C6A097A029"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"B9C9BAF7-52AA-4117-9EB9-15B23625BB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"751EF4D4-017A-40E6-A4DA-73CE3E6E6F18"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"909CEA7C-20A0-4E59-80CA-ECED455AB0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"9CDE7AA9-E25F-4614-8824-75BD61137383"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"62F4B0D7-F3C2-4279-97D7-027FA84A69D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"AB00F9FE-2BC9-4DDC-90EC-BB4E344D7FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"F747C7B3-7B22-4977-ACA6-A61A72966EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CFA065EB-17EF-4BDC-90C3-7612DA0BAEE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"3D063244-3964-4538-BD71-444C4AC78159"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"14F2E6D0-BF45-44C6-B09E-BBCB0D9A5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"A035B1BF-8A6E-43BD-B497-5880069DE701"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"EA0EF875-506C-41F6-9982-C615BD7F736A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"C685FFA6-8C20-4E45-8C8F-7CAE843272E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"E5069E97-CAAC-4609-A679-D9ED85E46183"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"0A3896DE-2FEE-4745-93D4-20B94CF821B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"12BB3FFA-33B6-46DA-B128-41F1B569EEDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"1BEA50F8-8F8C-4CF2-A0D2-83FE4A417984"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"68AAA2B1-BCFA-47B5-B340-CD7B182EE0DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"FB746E76-8E6D-4AA1-9E41-8B621F6B0817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"8606D8A6-3670-4C7A-89C0-C79B47DAE462"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"AC53D1E9-E4DE-47BD-961A-AE3B201E6D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"11921795-B289-49B8-9B13-9E4D092DAD1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"C9CC23DE-F84D-48F3-9474-65B240B4A773"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"4D0E3EE7-57AD-469E-8C16-58A797413D09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"6E8CFB57-3235-48EF-85AA-6F93F75DBFFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"298D7F20-184C-4D46-9BD0-952A5238CE38"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4EDA824F-BDD0-45CF-8707-90152F0DC8A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"EFC686E3-4ACA-4DCE-8619-872A1D5A00E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"62C667AB-C243-4EE5-A11F-903548659361"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"BE5FFADF-61A9-4020-A440-A87513F8D16E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"812CD7D7-E4D0-4121-BB4B-861AFE503215"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"A9686411-3378-4786-9581-CAF7214C3482"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"D5BAA8AC-6CC6-4B5E-A487-BC3665388CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"C96A930D-5799-4414-8146-466A207E7E30"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CB077789-E12B-46A3-B81F-4EA99A1DE9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"11C1FCFE-6D33-45F4-837D-26E9F01054C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"200E06EA-A9AB-48E5-96D7-E4A8E33D29A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"99D5280F-7737-4D4A-9342-2DB2BA95E229"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"274221FB-AF14-47A7-87AE-93387A65C7B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"018EF99F-F091-4D7B-9EB9-AF8E24D51846"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"CADB1CC2-8821-4BC8-BDE0-F543A9CC1B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"1891DDB0-64E4-4D4F-A8BB-4839DE3334E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"61914E73-4231-4BBF-8BA3-542FE40DADD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"EAE46D0A-5E3B-4DD7-B6BF-5F93E9193B21"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha28:*:*:*:node.js:*:*","matchCriteriaId":"4CF57878-E430-4600-9B99-CC39BE38CDE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha29:*:*:*:node.js:*:*","matchCriteriaId":"A12F9A7B-C5D0-444F-8422-58D1041AAE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"C219A394-FB58-49C4-9EC1-50F5780B1F71"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha30:*:*:*:node.js:*:*","matchCriteriaId":"A4BFB7F4-A2F6-43F8-9883-883F7B556419"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha31:*:*:*:node.js:*:*","matchCriteriaId":"003CAEE4-938C-4B9B-9BD2-1894C2B3F2CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha32:*:*:*:node.js:*:*","matchCriteriaId":"B7EE5788-DAC1-447A-872D-829B17C02FAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha33:*:*:*:node.js:*:*","matchCriteriaId":"5B4DDFC3-21D9-447D-9777-5CF2D54C2303"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha34:*:*:*:node.js:*:*","matchCriteriaId":"DB68E100-845B-4AD1-A9F6-F31BD98C5816"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha35:*:*:*:node.js:*:*","matchCriteriaId":"F653F5C7-7F6F-476B-B435-4DB002B8FCE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha36:*:*:*:node.js:*:*","matchCriteriaId":"1FE9FBDF-C5D0-429E-9D7B-515764392173"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha37:*:*:*:node.js:*:*","matchCriteriaId":"9CC31EDA-E346-4512-B61D-459D1B7DF03F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha38:*:*:*:node.js:*:*","matchCriteriaId":"BD2D4595-10FD-4895-B022-975DFD5CE9EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha39:*:*:*:node.js:*:*","matchCriteriaId":"8904600C-658B-4514-B466-723FEC00DC6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"4CDC52FD-7C85-4208-A3A1-9F233206D002"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha40:*:*:*:node.js:*:*","matchCriteriaId":"F833E1DE-406E-4933-BF58-51F130F351E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha41:*:*:*:node.js:*:*","matchCriteriaId":"8637DC90-96F3-4BB3-8E99-1736E21F91BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"5CA06430-8360-4DBE-B0DB-0D6FCD43B753"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"13498595-56D9-47B9-A0CE-9D7C8C1BD8AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"459F8862-2EFD-46AA-8D2D-D7750DFC843E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"85D6E3FE-A2D4-476B-AF63-75213CD55A9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"33E7DDE6-F753-42B1-8F1C-4E9A7422AE09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"A40DD8A4-E9ED-437E-8BAC-A5119E982A7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"DA4D845B-7B44-4F4A-93A5-A157D2E69408"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"C227B90E-83CD-4BF9-BB65-61C5FA3A8817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9AFC7739-810A-4D2A-9F00-30FA0E31D4FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"8CC23CD5-169B-4D16-A092-573299623DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9D47A3D8-F005-49CC-B83E-CA4BCC619663"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"54C60FCF-96EB-49D5-9A40-215D769403E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"BD4887CA-69F6-46F4-88E3-9ADF7965E48B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"B3862636-438C-41B4-8643-3E7F30ADC425"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"6AB9AB22-C0EA-4988-9FB3-0F47B535FF99"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CA6BE3E4-2C95-4C9A-84CF-2A979DF7DAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"A650E481-B5B7-48C7-9E84-94B79A71701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"A264AC19-AE25-448D-9F18-20AE8163170B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"C5EDF6CE-A994-4598-BB40-A1FBCB0C8D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"3AD71B52-42CB-4D07-A63B-028824213837"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"8AF361C5-6825-4921-B24C-E1D627D417EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0A3BD430-B209-46AC-9944-2D59B0192CCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"713C7B39-2A07-4386-B46F-FF358EB36F57"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"59EF4AB1-6A2D-473A-A2DF-538CCC92F6A3"}]}]}],"references":[{"url":"https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-qwc3-h9mg-4582","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27608","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T03:16:04.960","lastModified":"2026-06-26T17:00:00.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and can supply write permissions in the request body to perform write and delete operations. Only dashboards with `agent` configuration enabled are affected. The fix in version 9.0.0-alpha.8 adds per-app authorization checks and restricts read-only users to the `readOnlyMasterKey` with write permissions stripped server-side. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected."},{"lang":"es","value":"Parse Dashboard es un panel de control independiente para gestionar aplicaciones de Parse Server. En las versiones 7.3.0-alpha.42 hasta la 9.0.0-alpha.7, el endpoint de la API del Agente de IA (`POST /apps/:appId/agent`) no aplica la autorización. Los usuarios autenticados con ámbito a aplicaciones específicas pueden acceder al endpoint del agente de cualquier otra aplicación cambiando el ID de la aplicación en la URL. A los usuarios de solo lectura se les otorga la clave maestra completa en lugar de la clave maestra de solo lectura y pueden proporcionar permisos de escritura en el cuerpo de la solicitud para realizar operaciones de escritura y eliminación. Solo los paneles de control con la configuración de `agent` habilitada se ven afectados. La corrección en la versión 9.0.0-alpha.8 añade comprobaciones de autorización por aplicación y restringe a los usuarios de solo lectura a la `readOnlyMasterKey` con los permisos de escritura eliminados en el lado del servidor. Como solución alternativa, elimine el bloque de configuración de `agent` de la configuración de su panel de control. Los paneles de control sin una configuración de `agent` no se ven afectados."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"parse-community","product":"parse-dashboard","versions":[{"version":">= 7.3.0-alpha.42, < 9.0.0-alpha.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-25T18:55:55.191858Z","id":"CVE-2026-27608","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"07E54A25-BB5E-4E4F-B3EC-0B9979CC067D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"C8E605D1-F9FB-4AB4-9FFA-211F01496FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha44:*:*:*:node.js:*:*","matchCriteriaId":"0E68DA89-5409-4F06-A69A-7C4672D10521"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"F41426EE-2CD5-4E74-A4D0-1B3BA49A9481"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"97BF4F76-319D-4DE8-A6E4-A8F08D384C59"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"83A19B88-2B7B-4C19-ABC9-AB01574608D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"B96B7FF8-7BF6-48B8-9887-EA7D9327DF35"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"014B82A6-F7D9-4B05-8D36-31781D177D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"E6B6F40D-5FD8-4EF9-9AE9-DCA471C5CAFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"04966183-2013-4AC5-95C0-C3536AE97D3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"00572EFD-7E41-42D9-8412-0C25F9AAABE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"E444707A-C905-485C-8CDB-AE3B8780C56A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"49327FD3-E9B0-4245-8126-EF44DDE6EB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F068BEBE-FF4F-45BA-A3ED-C1A4E6ACA2FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"819B012F-E02A-4E7E-8935-F534270F8A80"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"25C0D991-B416-4BC1-882A-61FFB3E815CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"44D86A4C-7105-42BE-82B3-15736D0C7164"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"8EFB3F3E-4F2F-4975-8B5D-CC6E17489386"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"BADD19AE-F281-4222-B7BE-535EC4045F4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"EB952B96-D2A1-4706-8054-C3DB72388E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"B867C0D1-DB8B-44E9-B147-F92A74BF0B98"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"5AE07136-83B7-4DE5-9F90-3C3B11E0AF78"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"5EA360CA-BFAB-4CDE-AD59-CC10F5D0601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0471F4A9-2DF0-429E-86BA-267F8DA92319"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"74421939-B72D-41DA-A276-2137C8D87A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"620A6F14-7697-4B03-A116-6E54DD6DD806"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"6959259A-2208-42B9-8FD4-65BB60F8A355"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F1E70933-B30D-493C-A8BA-20FA873E3AFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"59953623-4467-4BF8-916D-7FAF85E7B112"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"006F6095-1A9A-4418-B7A3-9040823B6D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A7902611-FAC7-43A6-A86A-0B6D232EE3F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"ACC8F371-7DA0-4269-9080-3CCEF0F193FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"E7835681-3581-4834-B6F1-0F48CD5231F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"4760B32F-6943-4BC6-9893-ECE12839291D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F1598567-50D0-4D26-9B60-6067E8070D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"02CDB7B1-5CD7-402D-ACDA-CFD5DCCA1455"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4E461A18-5EB0-4E9E-9670-82B2ABF568F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"794EE02E-6D86-4E4D-9F00-443BFFB78C54"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"6120C309-768A-4477-BF34-0AD21A104A19"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"4314A7D2-5CA8-4081-BF2B-88A7175B14FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A222119F-5962-49E2-94B5-C3BBC8B19584"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"7F8A9B5B-A1CE-4C86-A031-E638FDEAFE8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"D5365B15-3725-4E8B-A0BA-2D4513706AEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CEE8CA47-2A8A-44F4-8ABC-C899DA12A49C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"B4065C00-6E46-4B19-B32F-9A485EF9AAB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"E6A9E323-7A79-4068-A596-826DB8393273"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F07743D3-82D8-425E-918E-D689DFF5B456"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"77DE8253-E642-4247-8AD7-444C658C11B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"45558A90-0C09-485F-BC7A-DC7403AADA9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"147EA8FF-8CCD-442C-A9AF-B3B413AC08AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"DE95BEF0-E579-4EAF-BC5D-49C6A097A029"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"B9C9BAF7-52AA-4117-9EB9-15B23625BB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"751EF4D4-017A-40E6-A4DA-73CE3E6E6F18"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"909CEA7C-20A0-4E59-80CA-ECED455AB0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"9CDE7AA9-E25F-4614-8824-75BD61137383"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"62F4B0D7-F3C2-4279-97D7-027FA84A69D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"AB00F9FE-2BC9-4DDC-90EC-BB4E344D7FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"F747C7B3-7B22-4977-ACA6-A61A72966EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CFA065EB-17EF-4BDC-90C3-7612DA0BAEE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"3D063244-3964-4538-BD71-444C4AC78159"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"14F2E6D0-BF45-44C6-B09E-BBCB0D9A5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"A035B1BF-8A6E-43BD-B497-5880069DE701"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"EA0EF875-506C-41F6-9982-C615BD7F736A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"C685FFA6-8C20-4E45-8C8F-7CAE843272E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"E5069E97-CAAC-4609-A679-D9ED85E46183"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"0A3896DE-2FEE-4745-93D4-20B94CF821B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"12BB3FFA-33B6-46DA-B128-41F1B569EEDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"1BEA50F8-8F8C-4CF2-A0D2-83FE4A417984"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"68AAA2B1-BCFA-47B5-B340-CD7B182EE0DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"FB746E76-8E6D-4AA1-9E41-8B621F6B0817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"8606D8A6-3670-4C7A-89C0-C79B47DAE462"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"AC53D1E9-E4DE-47BD-961A-AE3B201E6D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"11921795-B289-49B8-9B13-9E4D092DAD1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"C9CC23DE-F84D-48F3-9474-65B240B4A773"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"4D0E3EE7-57AD-469E-8C16-58A797413D09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"6E8CFB57-3235-48EF-85AA-6F93F75DBFFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"298D7F20-184C-4D46-9BD0-952A5238CE38"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4EDA824F-BDD0-45CF-8707-90152F0DC8A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"EFC686E3-4ACA-4DCE-8619-872A1D5A00E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"62C667AB-C243-4EE5-A11F-903548659361"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"BE5FFADF-61A9-4020-A440-A87513F8D16E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"812CD7D7-E4D0-4121-BB4B-861AFE503215"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"A9686411-3378-4786-9581-CAF7214C3482"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"D5BAA8AC-6CC6-4B5E-A487-BC3665388CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"C96A930D-5799-4414-8146-466A207E7E30"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CB077789-E12B-46A3-B81F-4EA99A1DE9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"11C1FCFE-6D33-45F4-837D-26E9F01054C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"200E06EA-A9AB-48E5-96D7-E4A8E33D29A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"99D5280F-7737-4D4A-9342-2DB2BA95E229"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"274221FB-AF14-47A7-87AE-93387A65C7B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"018EF99F-F091-4D7B-9EB9-AF8E24D51846"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"CADB1CC2-8821-4BC8-BDE0-F543A9CC1B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"1891DDB0-64E4-4D4F-A8BB-4839DE3334E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"61914E73-4231-4BBF-8BA3-542FE40DADD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"EAE46D0A-5E3B-4DD7-B6BF-5F93E9193B21"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha28:*:*:*:node.js:*:*","matchCriteriaId":"4CF57878-E430-4600-9B99-CC39BE38CDE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha29:*:*:*:node.js:*:*","matchCriteriaId":"A12F9A7B-C5D0-444F-8422-58D1041AAE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"C219A394-FB58-49C4-9EC1-50F5780B1F71"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha30:*:*:*:node.js:*:*","matchCriteriaId":"A4BFB7F4-A2F6-43F8-9883-883F7B556419"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha31:*:*:*:node.js:*:*","matchCriteriaId":"003CAEE4-938C-4B9B-9BD2-1894C2B3F2CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha32:*:*:*:node.js:*:*","matchCriteriaId":"B7EE5788-DAC1-447A-872D-829B17C02FAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha33:*:*:*:node.js:*:*","matchCriteriaId":"5B4DDFC3-21D9-447D-9777-5CF2D54C2303"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha34:*:*:*:node.js:*:*","matchCriteriaId":"DB68E100-845B-4AD1-A9F6-F31BD98C5816"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha35:*:*:*:node.js:*:*","matchCriteriaId":"F653F5C7-7F6F-476B-B435-4DB002B8FCE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha36:*:*:*:node.js:*:*","matchCriteriaId":"1FE9FBDF-C5D0-429E-9D7B-515764392173"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha37:*:*:*:node.js:*:*","matchCriteriaId":"9CC31EDA-E346-4512-B61D-459D1B7DF03F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha38:*:*:*:node.js:*:*","matchCriteriaId":"BD2D4595-10FD-4895-B022-975DFD5CE9EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha39:*:*:*:node.js:*:*","matchCriteriaId":"8904600C-658B-4514-B466-723FEC00DC6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"4CDC52FD-7C85-4208-A3A1-9F233206D002"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha40:*:*:*:node.js:*:*","matchCriteriaId":"F833E1DE-406E-4933-BF58-51F130F351E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha41:*:*:*:node.js:*:*","matchCriteriaId":"8637DC90-96F3-4BB3-8E99-1736E21F91BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"5CA06430-8360-4DBE-B0DB-0D6FCD43B753"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"13498595-56D9-47B9-A0CE-9D7C8C1BD8AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"459F8862-2EFD-46AA-8D2D-D7750DFC843E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"85D6E3FE-A2D4-476B-AF63-75213CD55A9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"33E7DDE6-F753-42B1-8F1C-4E9A7422AE09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"A40DD8A4-E9ED-437E-8BAC-A5119E982A7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"DA4D845B-7B44-4F4A-93A5-A157D2E69408"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"C227B90E-83CD-4BF9-BB65-61C5FA3A8817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9AFC7739-810A-4D2A-9F00-30FA0E31D4FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"8CC23CD5-169B-4D16-A092-573299623DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9D47A3D8-F005-49CC-B83E-CA4BCC619663"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"54C60FCF-96EB-49D5-9A40-215D769403E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"BD4887CA-69F6-46F4-88E3-9ADF7965E48B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"B3862636-438C-41B4-8643-3E7F30ADC425"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"6AB9AB22-C0EA-4988-9FB3-0F47B535FF99"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CA6BE3E4-2C95-4C9A-84CF-2A979DF7DAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"A650E481-B5B7-48C7-9E84-94B79A71701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"A264AC19-AE25-448D-9F18-20AE8163170B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"C5EDF6CE-A994-4598-BB40-A1FBCB0C8D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"3AD71B52-42CB-4D07-A63B-028824213837"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"8AF361C5-6825-4921-B24C-E1D627D417EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0A3BD430-B209-46AC-9944-2D59B0192CCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"713C7B39-2A07-4386-B46F-FF358EB36F57"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"59EF4AB1-6A2D-473A-A2DF-538CCC92F6A3"}]}]}],"references":[{"url":"https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-cvwj-6c9h-jg6v","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27609","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T03:16:05.120","lastModified":"2026-06-26T17:00:03.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. The fix in version 9.0.0-alpha.8 adds CSRF middleware to the agent endpoint and embeds a CSRF token in the dashboard page. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected."},{"lang":"es","value":"Parse Dashboard es un panel de control independiente para gestionar aplicaciones de Parse Server. En las versiones 7.3.0-alpha.42 hasta la 9.0.0-alpha.7, el endpoint de la API del Agente de IA ('POST /apps/:appId/agent') carece de protección CSRF. Un atacante puede crear una página maliciosa que, al ser visitada por un usuario autenticado del panel de control, envía solicitudes al endpoint del agente utilizando la sesión de la víctima. La corrección en la versión 9.0.0-alpha.8 añade middleware CSRF al endpoint del agente e incrusta un token CSRF en la página del panel de control. Como solución alternativa, elimine el bloque de configuración 'agent' de su configuración del panel de control. Los paneles de control sin una configuración 'agent' no se ven afectados."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"parse-community","product":"parse-dashboard","versions":[{"version":">= 7.3.0-alpha.42, < 9.0.0-alpha.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-27T17:24:42.522909Z","id":"CVE-2026-27609","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"07E54A25-BB5E-4E4F-B3EC-0B9979CC067D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"C8E605D1-F9FB-4AB4-9FFA-211F01496FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha44:*:*:*:node.js:*:*","matchCriteriaId":"0E68DA89-5409-4F06-A69A-7C4672D10521"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"F41426EE-2CD5-4E74-A4D0-1B3BA49A9481"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"97BF4F76-319D-4DE8-A6E4-A8F08D384C59"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"83A19B88-2B7B-4C19-ABC9-AB01574608D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"B96B7FF8-7BF6-48B8-9887-EA7D9327DF35"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"014B82A6-F7D9-4B05-8D36-31781D177D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"E6B6F40D-5FD8-4EF9-9AE9-DCA471C5CAFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"04966183-2013-4AC5-95C0-C3536AE97D3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"00572EFD-7E41-42D9-8412-0C25F9AAABE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"E444707A-C905-485C-8CDB-AE3B8780C56A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"49327FD3-E9B0-4245-8126-EF44DDE6EB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F068BEBE-FF4F-45BA-A3ED-C1A4E6ACA2FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"819B012F-E02A-4E7E-8935-F534270F8A80"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"25C0D991-B416-4BC1-882A-61FFB3E815CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"44D86A4C-7105-42BE-82B3-15736D0C7164"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"8EFB3F3E-4F2F-4975-8B5D-CC6E17489386"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"BADD19AE-F281-4222-B7BE-535EC4045F4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"EB952B96-D2A1-4706-8054-C3DB72388E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"B867C0D1-DB8B-44E9-B147-F92A74BF0B98"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"5AE07136-83B7-4DE5-9F90-3C3B11E0AF78"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"5EA360CA-BFAB-4CDE-AD59-CC10F5D0601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0471F4A9-2DF0-429E-86BA-267F8DA92319"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"74421939-B72D-41DA-A276-2137C8D87A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"620A6F14-7697-4B03-A116-6E54DD6DD806"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"6959259A-2208-42B9-8FD4-65BB60F8A355"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F1E70933-B30D-493C-A8BA-20FA873E3AFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"59953623-4467-4BF8-916D-7FAF85E7B112"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"006F6095-1A9A-4418-B7A3-9040823B6D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A7902611-FAC7-43A6-A86A-0B6D232EE3F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"ACC8F371-7DA0-4269-9080-3CCEF0F193FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"E7835681-3581-4834-B6F1-0F48CD5231F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"4760B32F-6943-4BC6-9893-ECE12839291D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F1598567-50D0-4D26-9B60-6067E8070D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"02CDB7B1-5CD7-402D-ACDA-CFD5DCCA1455"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4E461A18-5EB0-4E9E-9670-82B2ABF568F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"794EE02E-6D86-4E4D-9F00-443BFFB78C54"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"6120C309-768A-4477-BF34-0AD21A104A19"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"4314A7D2-5CA8-4081-BF2B-88A7175B14FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A222119F-5962-49E2-94B5-C3BBC8B19584"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"7F8A9B5B-A1CE-4C86-A031-E638FDEAFE8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"D5365B15-3725-4E8B-A0BA-2D4513706AEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CEE8CA47-2A8A-44F4-8ABC-C899DA12A49C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"B4065C00-6E46-4B19-B32F-9A485EF9AAB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"E6A9E323-7A79-4068-A596-826DB8393273"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F07743D3-82D8-425E-918E-D689DFF5B456"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"77DE8253-E642-4247-8AD7-444C658C11B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"45558A90-0C09-485F-BC7A-DC7403AADA9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"147EA8FF-8CCD-442C-A9AF-B3B413AC08AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"DE95BEF0-E579-4EAF-BC5D-49C6A097A029"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"B9C9BAF7-52AA-4117-9EB9-15B23625BB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"751EF4D4-017A-40E6-A4DA-73CE3E6E6F18"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"909CEA7C-20A0-4E59-80CA-ECED455AB0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"9CDE7AA9-E25F-4614-8824-75BD61137383"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"62F4B0D7-F3C2-4279-97D7-027FA84A69D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"AB00F9FE-2BC9-4DDC-90EC-BB4E344D7FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"F747C7B3-7B22-4977-ACA6-A61A72966EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CFA065EB-17EF-4BDC-90C3-7612DA0BAEE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"3D063244-3964-4538-BD71-444C4AC78159"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"14F2E6D0-BF45-44C6-B09E-BBCB0D9A5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"A035B1BF-8A6E-43BD-B497-5880069DE701"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"EA0EF875-506C-41F6-9982-C615BD7F736A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"C685FFA6-8C20-4E45-8C8F-7CAE843272E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"E5069E97-CAAC-4609-A679-D9ED85E46183"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"0A3896DE-2FEE-4745-93D4-20B94CF821B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"12BB3FFA-33B6-46DA-B128-41F1B569EEDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"1BEA50F8-8F8C-4CF2-A0D2-83FE4A417984"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"68AAA2B1-BCFA-47B5-B340-CD7B182EE0DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"FB746E76-8E6D-4AA1-9E41-8B621F6B0817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"8606D8A6-3670-4C7A-89C0-C79B47DAE462"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"AC53D1E9-E4DE-47BD-961A-AE3B201E6D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"11921795-B289-49B8-9B13-9E4D092DAD1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"C9CC23DE-F84D-48F3-9474-65B240B4A773"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"4D0E3EE7-57AD-469E-8C16-58A797413D09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"6E8CFB57-3235-48EF-85AA-6F93F75DBFFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"298D7F20-184C-4D46-9BD0-952A5238CE38"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4EDA824F-BDD0-45CF-8707-90152F0DC8A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"EFC686E3-4ACA-4DCE-8619-872A1D5A00E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"62C667AB-C243-4EE5-A11F-903548659361"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"BE5FFADF-61A9-4020-A440-A87513F8D16E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"812CD7D7-E4D0-4121-BB4B-861AFE503215"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"A9686411-3378-4786-9581-CAF7214C3482"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"D5BAA8AC-6CC6-4B5E-A487-BC3665388CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"C96A930D-5799-4414-8146-466A207E7E30"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CB077789-E12B-46A3-B81F-4EA99A1DE9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"11C1FCFE-6D33-45F4-837D-26E9F01054C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"200E06EA-A9AB-48E5-96D7-E4A8E33D29A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"99D5280F-7737-4D4A-9342-2DB2BA95E229"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"274221FB-AF14-47A7-87AE-93387A65C7B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"018EF99F-F091-4D7B-9EB9-AF8E24D51846"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"CADB1CC2-8821-4BC8-BDE0-F543A9CC1B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"1891DDB0-64E4-4D4F-A8BB-4839DE3334E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"61914E73-4231-4BBF-8BA3-542FE40DADD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"EAE46D0A-5E3B-4DD7-B6BF-5F93E9193B21"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha28:*:*:*:node.js:*:*","matchCriteriaId":"4CF57878-E430-4600-9B99-CC39BE38CDE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha29:*:*:*:node.js:*:*","matchCriteriaId":"A12F9A7B-C5D0-444F-8422-58D1041AAE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"C219A394-FB58-49C4-9EC1-50F5780B1F71"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha30:*:*:*:node.js:*:*","matchCriteriaId":"A4BFB7F4-A2F6-43F8-9883-883F7B556419"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha31:*:*:*:node.js:*:*","matchCriteriaId":"003CAEE4-938C-4B9B-9BD2-1894C2B3F2CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha32:*:*:*:node.js:*:*","matchCriteriaId":"B7EE5788-DAC1-447A-872D-829B17C02FAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha33:*:*:*:node.js:*:*","matchCriteriaId":"5B4DDFC3-21D9-447D-9777-5CF2D54C2303"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha34:*:*:*:node.js:*:*","matchCriteriaId":"DB68E100-845B-4AD1-A9F6-F31BD98C5816"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha35:*:*:*:node.js:*:*","matchCriteriaId":"F653F5C7-7F6F-476B-B435-4DB002B8FCE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha36:*:*:*:node.js:*:*","matchCriteriaId":"1FE9FBDF-C5D0-429E-9D7B-515764392173"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha37:*:*:*:node.js:*:*","matchCriteriaId":"9CC31EDA-E346-4512-B61D-459D1B7DF03F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha38:*:*:*:node.js:*:*","matchCriteriaId":"BD2D4595-10FD-4895-B022-975DFD5CE9EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha39:*:*:*:node.js:*:*","matchCriteriaId":"8904600C-658B-4514-B466-723FEC00DC6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"4CDC52FD-7C85-4208-A3A1-9F233206D002"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha40:*:*:*:node.js:*:*","matchCriteriaId":"F833E1DE-406E-4933-BF58-51F130F351E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha41:*:*:*:node.js:*:*","matchCriteriaId":"8637DC90-96F3-4BB3-8E99-1736E21F91BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"5CA06430-8360-4DBE-B0DB-0D6FCD43B753"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"13498595-56D9-47B9-A0CE-9D7C8C1BD8AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"459F8862-2EFD-46AA-8D2D-D7750DFC843E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"85D6E3FE-A2D4-476B-AF63-75213CD55A9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"33E7DDE6-F753-42B1-8F1C-4E9A7422AE09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"A40DD8A4-E9ED-437E-8BAC-A5119E982A7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"DA4D845B-7B44-4F4A-93A5-A157D2E69408"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"C227B90E-83CD-4BF9-BB65-61C5FA3A8817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9AFC7739-810A-4D2A-9F00-30FA0E31D4FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"8CC23CD5-169B-4D16-A092-573299623DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9D47A3D8-F005-49CC-B83E-CA4BCC619663"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"54C60FCF-96EB-49D5-9A40-215D769403E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"BD4887CA-69F6-46F4-88E3-9ADF7965E48B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"B3862636-438C-41B4-8643-3E7F30ADC425"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"6AB9AB22-C0EA-4988-9FB3-0F47B535FF99"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CA6BE3E4-2C95-4C9A-84CF-2A979DF7DAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"A650E481-B5B7-48C7-9E84-94B79A71701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"A264AC19-AE25-448D-9F18-20AE8163170B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"C5EDF6CE-A994-4598-BB40-A1FBCB0C8D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"3AD71B52-42CB-4D07-A63B-028824213837"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"8AF361C5-6825-4921-B24C-E1D627D417EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0A3BD430-B209-46AC-9944-2D59B0192CCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"713C7B39-2A07-4386-B46F-FF358EB36F57"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"59EF4AB1-6A2D-473A-A2DF-538CCC92F6A3"}]}]}],"references":[{"url":"https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-3534-xp88-25rc","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27610","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T03:16:05.297","lastModified":"2026-06-26T16:59:57.737","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. The fix in version 9.0.0-alpha.8 uses distinct cache keys for master key and read-only master key. As a workaround, avoid using function-typed master keys, or remove the `agent` configuration block from your dashboard configuration."},{"lang":"es","value":"Parse Dashboard es un panel de control independiente para gestionar aplicaciones de Parse Server. En las versiones 7.3.0-alpha.42 hasta la 9.0.0-alpha.7, el `ConfigKeyCache` utiliza la misma clave de caché tanto para la clave maestra como para la clave maestra de solo lectura al resolver claves de tipo función. Bajo condiciones de tiempo específicas, un usuario de solo lectura puede recibir la clave maestra completa en caché, o un usuario regular puede recibir la clave maestra de solo lectura en caché. La corrección en la versión 9.0.0-alpha.8 utiliza claves de caché distintas para la clave maestra y la clave maestra de solo lectura. Como solución alternativa, evite usar claves maestras de tipo función, o elimine el bloque de configuración `agent` de la configuración de su panel de control."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"parse-community","product":"parse-dashboard","versions":[{"version":">= 7.3.0-alpha.42, < 9.0.0-alpha.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-27T17:24:01.878122Z","id":"CVE-2026-27610","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1289"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"07E54A25-BB5E-4E4F-B3EC-0B9979CC067D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"C8E605D1-F9FB-4AB4-9FFA-211F01496FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha44:*:*:*:node.js:*:*","matchCriteriaId":"0E68DA89-5409-4F06-A69A-7C4672D10521"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"F41426EE-2CD5-4E74-A4D0-1B3BA49A9481"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"97BF4F76-319D-4DE8-A6E4-A8F08D384C59"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"83A19B88-2B7B-4C19-ABC9-AB01574608D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"B96B7FF8-7BF6-48B8-9887-EA7D9327DF35"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"014B82A6-F7D9-4B05-8D36-31781D177D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"E6B6F40D-5FD8-4EF9-9AE9-DCA471C5CAFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"04966183-2013-4AC5-95C0-C3536AE97D3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"00572EFD-7E41-42D9-8412-0C25F9AAABE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"E444707A-C905-485C-8CDB-AE3B8780C56A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"49327FD3-E9B0-4245-8126-EF44DDE6EB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F068BEBE-FF4F-45BA-A3ED-C1A4E6ACA2FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"819B012F-E02A-4E7E-8935-F534270F8A80"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"25C0D991-B416-4BC1-882A-61FFB3E815CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"44D86A4C-7105-42BE-82B3-15736D0C7164"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"8EFB3F3E-4F2F-4975-8B5D-CC6E17489386"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"BADD19AE-F281-4222-B7BE-535EC4045F4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"EB952B96-D2A1-4706-8054-C3DB72388E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"B867C0D1-DB8B-44E9-B147-F92A74BF0B98"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"5AE07136-83B7-4DE5-9F90-3C3B11E0AF78"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"5EA360CA-BFAB-4CDE-AD59-CC10F5D0601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0471F4A9-2DF0-429E-86BA-267F8DA92319"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"74421939-B72D-41DA-A276-2137C8D87A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"620A6F14-7697-4B03-A116-6E54DD6DD806"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"6959259A-2208-42B9-8FD4-65BB60F8A355"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F1E70933-B30D-493C-A8BA-20FA873E3AFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"59953623-4467-4BF8-916D-7FAF85E7B112"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"006F6095-1A9A-4418-B7A3-9040823B6D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A7902611-FAC7-43A6-A86A-0B6D232EE3F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"ACC8F371-7DA0-4269-9080-3CCEF0F193FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"E7835681-3581-4834-B6F1-0F48CD5231F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"4760B32F-6943-4BC6-9893-ECE12839291D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"F1598567-50D0-4D26-9B60-6067E8070D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"02CDB7B1-5CD7-402D-ACDA-CFD5DCCA1455"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4E461A18-5EB0-4E9E-9670-82B2ABF568F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"794EE02E-6D86-4E4D-9F00-443BFFB78C54"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"6120C309-768A-4477-BF34-0AD21A104A19"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"4314A7D2-5CA8-4081-BF2B-88A7175B14FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"A222119F-5962-49E2-94B5-C3BBC8B19584"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"7F8A9B5B-A1CE-4C86-A031-E638FDEAFE8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"D5365B15-3725-4E8B-A0BA-2D4513706AEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CEE8CA47-2A8A-44F4-8ABC-C899DA12A49C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"B4065C00-6E46-4B19-B32F-9A485EF9AAB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"E6A9E323-7A79-4068-A596-826DB8393273"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"F07743D3-82D8-425E-918E-D689DFF5B456"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"77DE8253-E642-4247-8AD7-444C658C11B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"45558A90-0C09-485F-BC7A-DC7403AADA9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"147EA8FF-8CCD-442C-A9AF-B3B413AC08AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"DE95BEF0-E579-4EAF-BC5D-49C6A097A029"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"B9C9BAF7-52AA-4117-9EB9-15B23625BB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"751EF4D4-017A-40E6-A4DA-73CE3E6E6F18"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"909CEA7C-20A0-4E59-80CA-ECED455AB0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"9CDE7AA9-E25F-4614-8824-75BD61137383"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"62F4B0D7-F3C2-4279-97D7-027FA84A69D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"AB00F9FE-2BC9-4DDC-90EC-BB4E344D7FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"F747C7B3-7B22-4977-ACA6-A61A72966EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CFA065EB-17EF-4BDC-90C3-7612DA0BAEE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"3D063244-3964-4538-BD71-444C4AC78159"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"14F2E6D0-BF45-44C6-B09E-BBCB0D9A5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"A035B1BF-8A6E-43BD-B497-5880069DE701"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"EA0EF875-506C-41F6-9982-C615BD7F736A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"C685FFA6-8C20-4E45-8C8F-7CAE843272E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"E5069E97-CAAC-4609-A679-D9ED85E46183"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"0A3896DE-2FEE-4745-93D4-20B94CF821B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"12BB3FFA-33B6-46DA-B128-41F1B569EEDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"1BEA50F8-8F8C-4CF2-A0D2-83FE4A417984"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"68AAA2B1-BCFA-47B5-B340-CD7B182EE0DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"FB746E76-8E6D-4AA1-9E41-8B621F6B0817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"8606D8A6-3670-4C7A-89C0-C79B47DAE462"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"AC53D1E9-E4DE-47BD-961A-AE3B201E6D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"11921795-B289-49B8-9B13-9E4D092DAD1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"C9CC23DE-F84D-48F3-9474-65B240B4A773"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"4D0E3EE7-57AD-469E-8C16-58A797413D09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"6E8CFB57-3235-48EF-85AA-6F93F75DBFFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha10:*:*:*:node.js:*:*","matchCriteriaId":"298D7F20-184C-4D46-9BD0-952A5238CE38"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha11:*:*:*:node.js:*:*","matchCriteriaId":"4EDA824F-BDD0-45CF-8707-90152F0DC8A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha12:*:*:*:node.js:*:*","matchCriteriaId":"EFC686E3-4ACA-4DCE-8619-872A1D5A00E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha13:*:*:*:node.js:*:*","matchCriteriaId":"62C667AB-C243-4EE5-A11F-903548659361"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha14:*:*:*:node.js:*:*","matchCriteriaId":"BE5FFADF-61A9-4020-A440-A87513F8D16E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha15:*:*:*:node.js:*:*","matchCriteriaId":"812CD7D7-E4D0-4121-BB4B-861AFE503215"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha16:*:*:*:node.js:*:*","matchCriteriaId":"A9686411-3378-4786-9581-CAF7214C3482"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha17:*:*:*:node.js:*:*","matchCriteriaId":"D5BAA8AC-6CC6-4B5E-A487-BC3665388CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha18:*:*:*:node.js:*:*","matchCriteriaId":"C96A930D-5799-4414-8146-466A207E7E30"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha19:*:*:*:node.js:*:*","matchCriteriaId":"CB077789-E12B-46A3-B81F-4EA99A1DE9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"11C1FCFE-6D33-45F4-837D-26E9F01054C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha20:*:*:*:node.js:*:*","matchCriteriaId":"200E06EA-A9AB-48E5-96D7-E4A8E33D29A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha21:*:*:*:node.js:*:*","matchCriteriaId":"99D5280F-7737-4D4A-9342-2DB2BA95E229"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha22:*:*:*:node.js:*:*","matchCriteriaId":"274221FB-AF14-47A7-87AE-93387A65C7B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha23:*:*:*:node.js:*:*","matchCriteriaId":"018EF99F-F091-4D7B-9EB9-AF8E24D51846"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha24:*:*:*:node.js:*:*","matchCriteriaId":"CADB1CC2-8821-4BC8-BDE0-F543A9CC1B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha25:*:*:*:node.js:*:*","matchCriteriaId":"1891DDB0-64E4-4D4F-A8BB-4839DE3334E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha26:*:*:*:node.js:*:*","matchCriteriaId":"61914E73-4231-4BBF-8BA3-542FE40DADD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha27:*:*:*:node.js:*:*","matchCriteriaId":"EAE46D0A-5E3B-4DD7-B6BF-5F93E9193B21"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha28:*:*:*:node.js:*:*","matchCriteriaId":"4CF57878-E430-4600-9B99-CC39BE38CDE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha29:*:*:*:node.js:*:*","matchCriteriaId":"A12F9A7B-C5D0-444F-8422-58D1041AAE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"C219A394-FB58-49C4-9EC1-50F5780B1F71"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha30:*:*:*:node.js:*:*","matchCriteriaId":"A4BFB7F4-A2F6-43F8-9883-883F7B556419"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha31:*:*:*:node.js:*:*","matchCriteriaId":"003CAEE4-938C-4B9B-9BD2-1894C2B3F2CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha32:*:*:*:node.js:*:*","matchCriteriaId":"B7EE5788-DAC1-447A-872D-829B17C02FAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha33:*:*:*:node.js:*:*","matchCriteriaId":"5B4DDFC3-21D9-447D-9777-5CF2D54C2303"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha34:*:*:*:node.js:*:*","matchCriteriaId":"DB68E100-845B-4AD1-A9F6-F31BD98C5816"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha35:*:*:*:node.js:*:*","matchCriteriaId":"F653F5C7-7F6F-476B-B435-4DB002B8FCE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha36:*:*:*:node.js:*:*","matchCriteriaId":"1FE9FBDF-C5D0-429E-9D7B-515764392173"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha37:*:*:*:node.js:*:*","matchCriteriaId":"9CC31EDA-E346-4512-B61D-459D1B7DF03F"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha38:*:*:*:node.js:*:*","matchCriteriaId":"BD2D4595-10FD-4895-B022-975DFD5CE9EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha39:*:*:*:node.js:*:*","matchCriteriaId":"8904600C-658B-4514-B466-723FEC00DC6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"4CDC52FD-7C85-4208-A3A1-9F233206D002"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha40:*:*:*:node.js:*:*","matchCriteriaId":"F833E1DE-406E-4933-BF58-51F130F351E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha41:*:*:*:node.js:*:*","matchCriteriaId":"8637DC90-96F3-4BB3-8E99-1736E21F91BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha42:*:*:*:node.js:*:*","matchCriteriaId":"5CA06430-8360-4DBE-B0DB-0D6FCD43B753"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha43:*:*:*:node.js:*:*","matchCriteriaId":"13498595-56D9-47B9-A0CE-9D7C8C1BD8AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"459F8862-2EFD-46AA-8D2D-D7750DFC843E"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"85D6E3FE-A2D4-476B-AF63-75213CD55A9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"33E7DDE6-F753-42B1-8F1C-4E9A7422AE09"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"A40DD8A4-E9ED-437E-8BAC-A5119E982A7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha9:*:*:*:node.js:*:*","matchCriteriaId":"DA4D845B-7B44-4F4A-93A5-A157D2E69408"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"C227B90E-83CD-4BF9-BB65-61C5FA3A8817"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9AFC7739-810A-4D2A-9F00-30FA0E31D4FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"8CC23CD5-169B-4D16-A092-573299623DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"9D47A3D8-F005-49CC-B83E-CA4BCC619663"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"54C60FCF-96EB-49D5-9A40-215D769403E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"BD4887CA-69F6-46F4-88E3-9ADF7965E48B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"B3862636-438C-41B4-8643-3E7F30ADC425"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"6AB9AB22-C0EA-4988-9FB3-0F47B535FF99"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"CA6BE3E4-2C95-4C9A-84CF-2A979DF7DAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"A650E481-B5B7-48C7-9E84-94B79A71701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"A264AC19-AE25-448D-9F18-20AE8163170B"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"C5EDF6CE-A994-4598-BB40-A1FBCB0C8D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"3AD71B52-42CB-4D07-A63B-028824213837"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"8AF361C5-6825-4921-B24C-E1D627D417EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"0A3BD430-B209-46AC-9944-2D59B0192CCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"713C7B39-2A07-4386-B46F-FF358EB36F57"},{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"59EF4AB1-6A2D-473A-A2DF-538CCC92F6A3"}]}]}],"references":[{"url":"https://github.com/parse-community/parse-dashboard/commit/f92a9ef5246d57e51696bd881a15f3b133b2bb50","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-jhp4-jvq3-w5xr","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-10990","sourceIdentifier":"secalert@redhat.com","published":"2026-02-27T14:16:27.567","lastModified":"2026-06-26T00:16:45.773","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761."},{"lang":"es","value":"Se encontró una vulnerabilidad en REXML. Un atacante remoto podría explotar el análisis ineficiente de expresiones regulares (regex) al procesar referencias de caracteres numéricos hexadecimales (&amp;#x...;) en documentos XML. Esto podría conducir a una Denegación de Servicio por Expresiones Regulares (ReDoS), impactando la disponibilidad del componente afectado. Este problema es el resultado de una corrección incompleta para CVE-2024-49761."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://www.redhat.com/en/technologies/management/satellite","packageName":"Red Hat Satellite","versions":[{"version":"6.17.5","status":"unaffected"},{"version":"6.16.5.4","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"versions":[{"version":"0:8.8.1-3.el8sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"versions":[{"version":"0:8.8.1-3.el8sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"versions":[{"version":"0:8.8.1-3.el9sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.16 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:satellite:6.16::el8","cpe:/a:redhat:satellite:6.16::el9","cpe:/a:redhat:satellite_capsule:6.16::el8","cpe:/a:redhat:satellite_capsule:6.16::el9","cpe:/a:redhat:satellite_utils:6.16::el8","cpe:/a:redhat:satellite_utils:6.16::el9"],"versions":[{"version":"0:8.8.1-3.el9sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9","cpe:/a:redhat:satellite_utils:6.17::el9"],"versions":[{"version":"0:8.8.1-3.el9sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.17 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:satellite:6.17::el9","cpe:/a:redhat:satellite_capsule:6.17::el9","cpe:/a:redhat:satellite_utils:6.17::el9"],"versions":[{"version":"0:8.8.1-3.el9sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Satellite Client 6 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:rhel_satellite_client:6::el8","cpe:/a:redhat:rhel_satellite_client:6::el9"],"versions":[{"version":"0:7.34.0-4.el8sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Satellite Client 6 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"puppet-agent","cpes":["cpe:/a:redhat:rhel_satellite_client:6::el8","cpe:/a:redhat:rhel_satellite_client:6::el9"],"versions":[{"version":"0:7.34.0-4.el9sat","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-27T18:43:48.686335Z","id":"CVE-2025-10990","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:17606","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:17693","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-10990","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2398216","source":"secalert@redhat.com"},{"url":"https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f","source":"secalert@redhat.com"},{"url":"https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m","source":"secalert@redhat.com"},{"url":"https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-3437","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-03-03T18:16:25.953","lastModified":"2026-06-25T16:16:34.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition."},{"lang":"es","value":"Una vulnerabilidad de Restricción Inadecuada de Operaciones dentro de los Límites de un Búfer de Memoria en Portwell Engineering Toolkits versión 4.8.2 podría permitir a un atacante local autenticado leer y escribir en memoria arbitraria a través del controlador de Portwell Engineering Toolkits. La explotación exitosa de esta vulnerabilidad podría resultar en escalada de privilegios o causar una condición de denegación de servicio."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Portwell","product":"Portwell Engineering Toolkits","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.8.2","versionType":"custom","status":"affected"},{"version":"v5.0.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-03T18:58:38.290857Z","id":"CVE-2026-3437","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:portwell:engineering_toolkits:4.8.2:*:*:*:*:*:*:*","matchCriteriaId":"21B2CD9E-A22D-4482-9961-FA4A536689C2"}]}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-04.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://software.portwell.tw/security-advisory/PWS-2026-3437.html","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-04","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-30783","sourceIdentifier":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","published":"2026-03-05T16:16:18.910","lastModified":"2026-06-22T14:16:35.980","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse.\n\n This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling.\n\n\n\nThis issue affects RustDesk Client: through 1.4.8."},{"lang":"es","value":"Una vulnerabilidad en rustdesk-client RustDesk Client rustdesk-client en Windows, MacOS, Linux, iOS, Android, WebClient (señalización del cliente, bucle de sincronización de la API, módulos de gestión de configuración) permite el abuso de privilegios. Esta vulnerabilidad está asociada con los archivos de programa src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs y las rutinas del programa bucle de sincronización de la API, manejo de la configuración del servidor API.\n\nEste problema afecta a RustDesk Client: hasta la versión 1.4.5."}],"affected":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","affectedData":[{"vendor":"rustdesk-client","product":"RustDesk Client","defaultStatus":"affected","collectionURL":"https://github.com/rustdesk/rustdesk/releases","packageName":"rustdesk-client","modules":["Client signaling","API sync loop","config management"],"platforms":["Windows","MacOS","Linux","iOS","Android","WebClient"],"programFiles":["src/rendezvous_mediator.rs","src/hbbs_http/sync.rs"],"programRoutines":[{"name":"API sync loop"},{"name":"api-server config handling"}],"repo":"https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common","versions":[{"version":"0","lessThanOrEqual":"1.4.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-06T10:26:06.050744Z","id":"CVE-2026-30783","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","description":[{"lang":"en","value":"CWE-602"},{"lang":"en","value":"CWE-841"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*","versionEndIncluding":"1.4.5","matchCriteriaId":"14986BCF-B589-41F2-913D-2800283B452B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*","matchCriteriaId":"B5415705-33E5-46D5-8E4D-9EBADC8C5705"},{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Exploit","Third Party Advisory"]},{"url":"https://rustdesk.com/docs/en/client/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Product"]},{"url":"https://www.vulsec.org/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-30789","sourceIdentifier":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","published":"2026-03-05T16:16:19.560","lastModified":"2026-06-22T14:16:36.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Password Brute Forcing.\n\nThe authentication proof is SHA256(SHA256(password + salt) + challenge), where both the salt and the challenge are generated entirely by the server with no client-side nonce, and the hash uses no slow key-derivation function. A rogue or on-path API/relay server (see CVE-2026-30794 / CVE-2026-30797) can issue a chosen salt and challenge, capture the resulting proof, and recover the password offline. The capture-replay claim (CWE-294) is withdrawn: the challenge is regenerated per connection (challenge = Config::get_auto_password(6)), so a captured proof is not replayable against the legitimate server. The 1.4.7 OTP brute-force limiter and the existing LOGIN_FAILURES counter constrain only ONLINE attempts and do not address offline recovery.\n\nThis vulnerability is associated with program files src/client.rs and program routines handle_hash(), handle_login_from_ui() (login proof construction).\n\nThis issue affects RustDesk Client: through 1.4.8."},{"lang":"es","value":"Omisión de autenticación por captura-repetición, vulnerabilidad de uso de hash de contraseña con esfuerzo computacional insuficiente en rustdesk-client RustDesk Client rustdesk-client en Windows, MacOS, Linux, iOS, Android (módulos de inicio de sesión del cliente, autenticación de pares) permite la reutilización de IDs de sesión (también conocido como repetición de sesión). Esta vulnerabilidad está asociada con los archivos de programa src/client.Rs y las rutinas de programa hash_password(), construcción de prueba de inicio de sesión. Este problema afecta a RustDesk Client: hasta la versión 1.4.5."}],"affected":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","affectedData":[{"vendor":"rustdesk-client","product":"RustDesk Client","defaultStatus":"affected","collectionURL":"https://github.com/rustdesk/rustdesk/releases","packageName":"rustdesk-client","modules":["Client login","peer authentication"],"platforms":["Windows","MacOS","Linux","iOS","Android"],"programFiles":["src/client.rs"],"programRoutines":[{"name":"handle_hash()"},{"name":"handle_login_from_ui() (login proof construction)"}],"repo":"https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common","versions":[{"version":"0","lessThanOrEqual":"1.4.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-17T14:32:41.844771Z","id":"CVE-2026-30789","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","description":[{"lang":"en","value":"CWE-916"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*","versionEndIncluding":"1.4.5","matchCriteriaId":"14986BCF-B589-41F2-913D-2800283B452B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*","matchCriteriaId":"B5415705-33E5-46D5-8E4D-9EBADC8C5705"},{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Exploit","Third Party Advisory"]},{"url":"https://rustdesk.com/docs/en/client/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Product"]},{"url":"https://www.vulsec.org/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2026-30790","sourceIdentifier":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","published":"2026-03-05T16:16:19.703","lastModified":"2026-06-22T14:16:37.263","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-30792","sourceIdentifier":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","published":"2026-03-05T16:16:19.840","lastModified":"2026-06-22T14:17:10.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle.\n\n This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options().\n\n\n\nThis issue affects RustDesk Client: through 1.4.8."},{"lang":"es","value":"Una vulnerabilidad en rustdesk-client RustDesk Client rustdesk-client en Windows, MacOS, Linux, iOS, Android, WebClient (sincronización de estrategia, cliente API HTTP, módulos del motor de opciones de configuración) permite la manipulación de mensajes de la API de la aplicación a través de Man-in-the-Middle. Esta vulnerabilidad está asociada con los archivos de programa src/hbbs_http/sync.Rs, hbb_common/src/config.Rs y las rutinas de programa bucle de fusión de estrategia en sync.Rs, Config::set_options().\n\nEste problema afecta a RustDesk Client: a través de 1.4.5."}],"affected":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","affectedData":[{"vendor":"rustdesk-client","product":"RustDesk Client","defaultStatus":"affected","collectionURL":"https://github.com/rustdesk/rustdesk/releases","packageName":"rustdesk-client","modules":["Strategy sync","HTTP API client","config options engine"],"platforms":["Windows","MacOS","Linux","iOS","Android","WebClient"],"programFiles":["src/hbbs_http/sync.rs","hbb_common/src/config.rs"],"programRoutines":[{"name":"Strategy merge loop in sync.rs"},{"name":"Config::set_options()"}],"repo":"https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common","versions":[{"version":"0","lessThanOrEqual":"1.4.8","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-06T10:24:56.279793Z","id":"CVE-2026-30792","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:webclient:*:*:*","versionEndIncluding":"1.4.5","matchCriteriaId":"14986BCF-B589-41F2-913D-2800283B452B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*","matchCriteriaId":"B5415705-33E5-46D5-8E4D-9EBADC8C5705"},{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Exploit","Third Party Advisory"]},{"url":"https://rustdesk.com/docs/en/self-host/client-configuration/advanced-settings/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Product","Vendor Advisory"]},{"url":"https://www.vulsec.org/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2026-30794","sourceIdentifier":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","published":"2026-03-05T16:16:20.177","lastModified":"2026-06-22T14:17:10.680","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-30796","sourceIdentifier":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","published":"2026-03-05T16:16:21.007","lastModified":"2026-06-22T14:17:35.323","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks.\n\nThe client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book.\n\nThis vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password).\n\nThis issue affects RustDesk Client: through 1.4.8."},{"lang":"es","value":"Vulnerabilidad de transmisión en texto claro de información sensible en rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro en Windows, MacOS, Linux (Módulos de API de sincronización de libreta de direcciones) permite ataques de sniffing. Esta vulnerabilidad está asociada con archivos de programa de código cerrado — punto final de API que gestiona la sincronización de latidos y rutinas de programa gestor de API de latidos (acepta preset-address-book-password en texto claro).\n\nEste problema afecta a RustDesk Server Pro: hasta la 1.7.5."}],"affected":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","affectedData":[{"vendor":"rustdesk-client","product":"RustDesk Client","defaultStatus":"affected","collectionURL":"https://github.com/rustdesk/rustdesk/releases","packageName":"rustdesk-client","modules":["Address book sync","Heartbeat sync loop"],"platforms":["Windows","MacOS","Linux","iOS","Android"],"programFiles":["src/hbbs_http/sync.rs"],"programRoutines":[{"name":"heartbeat sync body builder (emits preset-address-book-password verbatim)"}],"repo":"https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common","versions":[{"version":"0","lessThanOrEqual":"1.4.8","versionType":"custom","status":"affected","changes":[{"at":"Server Pro","status":"affected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-17T14:31:35.721954Z","id":"CVE-2026-30796","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rustdesk:rustdesk_server:*:*:*:*:pro:*:*:*","versionEndIncluding":"1.7.5","matchCriteriaId":"4F6E21F9-385D-4DB4-9CD4-EDB43561D9E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Exploit","Third Party Advisory"]},{"url":"https://rustdesk.com/docs/en/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Product","Vendor Advisory"]},{"url":"https://www.vulsec.org/","source":"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2024-14027","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-09T16:16:14.313","lastModified":"2026-06-26T20:18:19.230","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/xattr: missing fdput() in fremovexattr error path\n\nIn the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a\nfile reference but returns early without calling fdput() when\nstrncpy_from_user() fails on the name argument. In multi-threaded processes\nwhere fdget() takes the slow path, this permanently leaks one\nfile reference per call, pinning the struct file and associated kernel\nobjects in memory. An unprivileged local user can exploit this to cause\nkernel memory exhaustion. The issue was inadvertently fixed by commit\na71874379ec8 (\"xattr: switch to CLASS(fd)\")."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfs/xattr: falta fdput() en la ruta de error de fremovexattr\n\nEn el kernel de Linux, la llamada al sistema fremovexattr() llama a fdget() para adquirir una referencia de archivo, pero retorna prematuramente sin llamar a fdput() cuando strncpy_from_user() falla en el argumento 'name'. En procesos multihilo donde fdget() toma la ruta lenta, esto fuga permanentemente una referencia de archivo por llamada, fijando la estructura 'struct file' y los objetos del kernel asociados en memoria. Un usuario local sin privilegios puede explotar esto para causar agotamiento de la memoria del kernel. El problema fue corregido inadvertidamente por el commit a71874379ec8 ('xattr: switch to CLASS(fd)')."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/xattr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c03185f4a23e7f89d84c9981091770e876e64480","lessThan":"9a3a2ae5efbbcaed37551218abed94e23c537157","versionType":"git","status":"affected"},{"version":"c3a5e3e872f3688ae0dc57bb78ca633921d96a91","lessThan":"d151b94967c8247005435b63fc60f8f4baa320da","versionType":"git","status":"affected"},{"version":"c3a5e3e872f3688ae0dc57bb78ca633921d96a91","lessThan":"a71874379ec8c6e788a61d71b3ad014a8d9a5c08","versionType":"git","status":"affected"},{"version":"8d5863cb33aa424fc27115ee945ad6b96ae2facb","versionType":"git","status":"affected"},{"version":"6.6.51","lessThan":"6.6.133","versionType":"semver","status":"affected"},{"version":"6.10.10","lessThan":"6.11","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/xattr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.6.133","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.77","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.13","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.51","versionEndExcluding":"6.6.133","matchCriteriaId":"B87E886F-56D4-4D9C-AE13-088E1851614A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.10","versionEndExcluding":"6.12.77","matchCriteriaId":"3F0B9738-892B-4C33-A6BE-FBE212579E9B"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9a3a2ae5efbbcaed37551218abed94e23c537157","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a71874379ec8c6e788a61d71b3ad014a8d9a5c08","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d151b94967c8247005435b63fc60f8f4baa320da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-11739","sourceIdentifier":"cybersecurity@se.com","published":"2026-03-10T18:17:51.880","lastModified":"2026-06-24T19:20:18.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization."},{"lang":"es","value":"La vulnerabilidad CWE?502: Deserialización de Datos No Confiables existe y podría causar la ejecución de código arbitrario con privilegios administrativos cuando un atacante autenticado localmente envía un flujo de datos manipulado, desencadenando una deserialización insegura."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"EcoStruxure™ Power Monitoring Expert (PME)","defaultStatus":"unaffected","versions":[{"version":"Version 2022","status":"affected"},{"version":"Version 2023","status":"affected"},{"version":"Version 2023 R2","status":"affected"},{"version":"Version 2024","status":"affected"},{"version":"Version 2024 R2","status":"affected"}]},{"vendor":"Schneider Electric","product":"EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards Module","defaultStatus":"unaffected","versions":[{"version":"Version 2022","status":"affected"},{"version":"Version 2024","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-10T13:33:55.316218Z","id":"CVE-2025-11739","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2022:*:*:*:*:*:*:*","matchCriteriaId":"B1AC016A-48CA-4710-9FA3-3F835089D16C"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2023:-:*:*:*:*:*:*","matchCriteriaId":"14716878-C5FC-4342-9945-AA907D52794C"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2023:r2:*:*:*:*:*:*","matchCriteriaId":"5273F6E6-B6B4-4868-BD5F-B0B92541E3D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2024:-:*:*:*:*:*:*","matchCriteriaId":"B2324F56-A011-42DD-8229-F3BB9976131D"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_monitoring_expert:2024:r2:*:*:*:*:*:*","matchCriteriaId":"DA40F38D-2F77-46AE-B381-F1AC5CBE7454"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_operation:2022:*:*:*:*:*:*:*","matchCriteriaId":"B1A10981-AC18-4E55-BD55-CFA25DE41C23"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_power_operation:2024:*:*:*:*:*:*:*","matchCriteriaId":"F9992586-C4F0-4EEC-8734-FA357DBF77A7"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-06.pdf","source":"cybersecurity@se.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-13901","sourceIdentifier":"cybersecurity@se.com","published":"2026-03-10T18:17:52.063","lastModified":"2026-06-23T14:38:33.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels."},{"lang":"es","value":"Existe una vulnerabilidad CWE-404 de cierre o liberación inadecuados de recursos que podría causar una denegación de servicio parcial en el protocolo Machine Expert cuando un atacante no autenticado envía una carga útil maliciosa para ocupar canales de comunicación activos."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"Modicon M241/M251","defaultStatus":"unaffected","versions":[{"version":"Versions prior to 5.4.13.12","status":"affected"}]},{"vendor":"Schneider Electric","product":"Modicon M262","defaultStatus":"unaffected","versions":[{"version":"Versions prior to 5.4.10.12","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-10T17:24:36.387715Z","id":"CVE-2025-13901","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.13.12","matchCriteriaId":"31DCF35D-C99C-4FB5-926C-09782051FC9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*","matchCriteriaId":"4D8FD9D9-F59F-470E-9F7F-CDDD80B0633C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.13.12","matchCriteriaId":"4D5BD37D-AD63-4A0B-B959-1F731D39E51C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*","matchCriteriaId":"B8E03A25-B0B6-4BA2-80BC-52C16A6837E0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m262_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.10.12","matchCriteriaId":"1DF3A045-3B0A-440F-A94D-28FA4EBD82F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m262:-:*:*:*:*:*:*:*","matchCriteriaId":"F2C151DF-D716-4F2F-8129-9D1B88430A72"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-01.pdf","source":"cybersecurity@se.com","tags":["Vendor Advisory","Mitigation","Patch"]}]}},{"cve":{"id":"CVE-2025-13902","sourceIdentifier":"cybersecurity@se.com","published":"2026-03-10T18:17:52.223","lastModified":"2026-06-23T14:41:40.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload."},{"lang":"es","value":"Existe una vulnerabilidad CWE-79 de Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') que podría causar una condición en la que atacantes autenticados pueden hacer que el navegador de una víctima ejecute JavaScript arbitrario cuando la víctima pasa el cursor sobre un elemento creado maliciosamente en un servidor web que contiene la carga útil inyectada."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"Modicon Controllers M241/M251","defaultStatus":"unaffected","versions":[{"version":"Versions prior to 5.4.13.12","status":"affected"}]},{"vendor":"Schneider Electric","product":"Modicon Controllers M258/LMC058","defaultStatus":"unaffected","versions":[{"version":"All versions","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-10T18:17:03.131045Z","id":"CVE-2025-13902","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m258_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"72CC6066-2CD5-4516-8DE0-178301A1355C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m258:-:*:*:*:*:*:*:*","matchCriteriaId":"FFBF6514-3E32-4C8E-81BA-D6464824351F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"47CDA6D7-419A-4517-B666-762B46D1DCA1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_lmc058:-:*:*:*:*:*:*:*","matchCriteriaId":"0DFCD3D7-B85B-4C9E-B80C-B83B017183AA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.13.12","matchCriteriaId":"4D5BD37D-AD63-4A0B-B959-1F731D39E51C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*","matchCriteriaId":"B8E03A25-B0B6-4BA2-80BC-52C16A6837E0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.13.12","matchCriteriaId":"31DCF35D-C99C-4FB5-926C-09782051FC9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*","matchCriteriaId":"4D8FD9D9-F59F-470E-9F7F-CDDD80B0633C"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-02.pdf","source":"cybersecurity@se.com","tags":["Vendor Advisory","Mitigation","Patch"]}]}},{"cve":{"id":"CVE-2026-1286","sourceIdentifier":"cybersecurity@se.com","published":"2026-03-10T18:18:04.917","lastModified":"2026-06-24T15:36:52.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file."},{"lang":"es","value":"CWE-502: Existe una vulnerabilidad de deserialización de datos no confiables que podría conducir a la pérdida de confidencialidad, integridad y una posible ejecución remota de código en la estación de trabajo cuando un usuario autenticado como administrador abre un archivo de proyecto malicioso."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"EcoStruxure™ Foxboro DCS","defaultStatus":"unaffected","versions":[{"version":"Versions prior to CS8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-10T17:54:10.514863Z","id":"CVE-2026-1286","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_foxboro_dcs_control_software:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1","matchCriteriaId":"8C0BF9B2-1048-4121-BA9F-B1553EC18FF3"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-03.pdf","source":"cybersecurity@se.com","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-2273","sourceIdentifier":"cybersecurity@se.com","published":"2026-03-10T18:18:48.007","lastModified":"2026-06-23T13:53:23.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file."},{"lang":"es","value":"CWE-94: Existe una vulnerabilidad de Control inadecuado de la generación de código ('Inyección de código') que podría causar la ejecución de comandos no confiables en la estación de trabajo de ingeniería, lo que podría resultar en un compromiso limitado de la estación de trabajo y una posible pérdida de Confidencialidad, Integridad y Disponibilidad del sistema subsiguiente cuando un usuario autenticado abre un archivo de proyecto malicioso."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"EcoStruxure™ Automation Expert","defaultStatus":"unaffected","versions":[{"version":"Versions prior to v25.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-10T17:42:09.226674Z","id":"CVE-2026-2273","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_automation_expert:*:*:*:*:*:*:*:*","versionEndExcluding":"25.0.1","matchCriteriaId":"3175FEA8-B52B-4A9E-A51E-83C5F25B395C"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-04.pdf","source":"cybersecurity@se.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4874","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T08:16:22.700","lastModified":"2026-06-26T08:16:23.963","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure."},{"lang":"es","value":"Se encontró una vulnerabilidad en Keycloak. Un atacante autenticado puede realizar falsificación de petición del lado del servidor (SSRF) manipulando el parámetro 'client_session_host' durante las peticiones de token de actualización. Esto ocurre cuando un cliente de Keycloak está configurado para usar la 'backchannel.logout.url' con el marcador de posición 'application.session.host'. La explotación exitosa permite al atacante realizar peticiones HTTP desde el contexto de red del servidor de Keycloak, potencialmente sondeando redes internas o APIs internas, lo que lleva a la revelación de información."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-services","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keycloak-services","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-26T13:53:59.095067Z","id":"CVE-2026-4874","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0D8BC03A-4198-4488-946B-3F6B43962942"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*","matchCriteriaId":"0A24CBFB-4900-47A5-88D2-A44C929603DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*","matchCriteriaId":"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4874","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27876","sourceIdentifier":"security@grafana.com","published":"2026-03-27T15:16:50.920","lastModified":"2026-06-27T05:16:43.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always recommended to update to avoid future attack vectors going this path.\n\nOnly instances with the sqlExpressions feature toggle enabled are vulnerable.\n\nOnly instances in the following version ranges are affected:\n\n- 11.6.0 (inclusive) to 11.6.14 (exclusive): 11.6.14 has the fix. 11.5 and below are not affected.\n- 12.0.0 (inclusive) to 12.1.10 (exclusive): 12.1.10 has the fix. 12.0 did not receive an update, as it is end-of-life.\n- 12.2.0 (inclusive) to 12.2.8 (exclusive): 12.2.8 has the fix.\n- 12.3.0 (inclusive) to 12.3.6 (exclusive): 12.3.6 has the fix.\n- 12.4.0 (inclusive) to 12.4.2 (exclusive): 12.4.2 has the fix. 13.0.0 and above also have the fix: no v13 release is affected."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Grafana","defaultStatus":"unaffected","versions":[{"version":"11.6.0","lessThan":"11.6.14","versionType":"semver","status":"affected"},{"version":"12.0.0","lessThan":"12.1.10","versionType":"semver","status":"affected"},{"version":"12.2.0","lessThan":"12.2.8","versionType":"semver","status":"affected"},{"version":"12.3.0","lessThan":"12.3.6","versionType":"semver","status":"affected"},{"version":"12.4.0","lessThan":"12.4.2","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-27T00:00:00+00:00","id":"CVE-2026-27876","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"11.6.0","matchCriteriaId":"2B1C33F0-5D24-493C-BD5E-78C4B79DEC58"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.6.14","versionEndExcluding":"12.0.0","matchCriteriaId":"94F2B4A1-DE4B-4718-A4D2-FBAE0711CC94"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.1.10","versionEndExcluding":"12.2.0","matchCriteriaId":"B77BDF7D-60F5-4DA0-B530-D8B69B7BA9B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.8","versionEndExcluding":"12.3.0","matchCriteriaId":"03B82BEE-3BE4-466C-B50D-900DDD46277A"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.6","versionEndExcluding":"12.4.0","matchCriteriaId":"84C9E335-11FD-45E6-8804-2392B0AE11F7"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-27876","source":"security@grafana.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-27876","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452277","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27876.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-37977","sourceIdentifier":"secalert@redhat.com","published":"2026-04-06T09:16:17.850","lastModified":"2026-06-26T08:16:22.157","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: [\"*\"]`."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-06T11:55:21.318112Z","id":"CVE-2026-37977","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-37977","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455324","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34977","sourceIdentifier":"security-advisories@github.com","published":"2026-04-06T17:17:11.543","lastModified":"2026-06-23T00:16:27.723","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Aperi'Solve is an open-source steganalysis web platform. In versions 3.1.3 through 3.2.0, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command, without any form of sanitization or validation. An unauthenticated attacker can achieve root-level RCE inside the worker container with a single HTTP request, enabling full read/write access to all user-uploaded images, analysis results, and plaintext steganography passwords stored on disk. Because the container shares a Docker network with PostgreSQL and Redis (no authentication on either), the attacker can pivot to dump the entire database or manipulate the job queue to poison results for other users. If Docker socket mounting or host volume mounts are present, this could escalate to full host compromise. This would also include defacement of the website itself. This vulnerability is fixed in 3.2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Zeecka","product":"AperiSolve","versions":[{"version":">= 3.1.3, < 3.2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-07T14:11:36.149507Z","id":"CVE-2026-34977","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aperisolve:aperisolve:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.0","matchCriteriaId":"0F48A676-F3B7-4D34-9B2E-40ED9ABAE9B7"}]}]}],"references":[{"url":"https://github.com/Zeecka/AperiSolve/blob/9fc388c629f86221bf2a265559eba5650d39fc29/aperisolve/analyzers/jpseek.py","source":"security-advisories@github.com"},{"url":"https://github.com/Zeecka/AperiSolve/commit/0193ca4a7d8ae9d6ba6cde82d37a6f94953463b4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Zeecka/AperiSolve/pull/173","source":"security-advisories@github.com"},{"url":"https://github.com/Zeecka/AperiSolve/pull/195","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Zeecka/AperiSolve/releases/tag/3.1.3","source":"security-advisories@github.com"},{"url":"https://github.com/Zeecka/AperiSolve/releases/tag/3.2.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/Zeecka/AperiSolve/security/advisories/GHSA-8r22-62p7-9jrp","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/Zeecka/AperiSolve/security/advisories/GHSA-8r22-62p7-9jrp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4631","sourceIdentifier":"secalert@redhat.com","published":"2026-04-07T17:16:38.010","lastModified":"2026-06-27T05:16:46.967","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cockpit","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"versions":[{"version":"0:344-3.el10_1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cockpit","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:334.1-3.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cockpit","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:344-2.el9_7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cockpit","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:344-2.el9_7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cockpit","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos","cpe:/a:redhat:rhel_eus:9.6::appstream"],"versions":[{"version":"0:334.2-2.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cockpit","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cockpit","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-08T14:59:46.530946Z","id":"CVE-2026-4631","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:7381","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7382","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7383","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7384","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4631","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450246","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/10/5","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2026:7381","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7382","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7383","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7384","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4631","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450246","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4631.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-39962","sourceIdentifier":"security-advisories@github.com","published":"2026-04-09T17:16:30.600","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MISP","product":"MISP","versions":[{"version":"< 2.5.36","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-10T14:06:56.445635Z","id":"CVE-2026-39962","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.36","matchCriteriaId":"46AEB973-C699-4D58-BE80-31BD26B75829"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/releases/tag/v2.5.36","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-21733","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-04-17T17:16:35.220","lastModified":"2026-06-26T16:16:30.373","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.\n\n\n\nThis is caused by improper handling of GPU memory reservation protections."}],"affected":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","affectedData":[{"vendor":"Imagination Technologies","product":"Graphics DDK","defaultStatus":"unknown","platforms":["Linux","Android"],"versions":[{"version":"1.18 RTM","versionType":"custom","status":"affected"},{"version":"23.2 RTM","versionType":"custom","status":"affected"},{"version":"24.1 RTM","lessThanOrEqual":"24.2 RTM","versionType":"custom","status":"affected"},{"version":"25.1 RTM","lessThanOrEqual":"25.3 RTM","versionType":"custom","status":"affected"},{"version":"26.1 RTM","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-17T17:20:11.006304Z","id":"CVE-2026-21733","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-33813","sourceIdentifier":"security@golang.org","published":"2026-04-21T20:16:56.387","lastModified":"2026-06-25T20:17:10.897","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Parsing a WEBP image with an invalid, large size panics on 32-bit platforms."}],"affected":[{"source":"security@golang.org","affectedData":[{"vendor":"golang.org/x/image","product":"golang.org/x/image/webp","defaultStatus":"unaffected","collectionURL":"https://pkg.go.dev","packageName":"golang.org/x/image/webp","programRoutines":[{"name":"decode"},{"name":"Decode"},{"name":"DecodeConfig"}],"versions":[{"version":"0","lessThan":"0.42.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-22T15:23:43.643284Z","id":"CVE-2026-33813","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:image:*:*:*:*:*:go:*:*","versionEndExcluding":"0.39.0","matchCriteriaId":"C0501D26-73D5-4E11-80EE-77576FB64671"}]}]}],"references":[{"url":"https://go.dev/cl/759860","source":"security@golang.org","tags":["Patch"]},{"url":"https://go.dev/cl/780860","source":"security@golang.org"},{"url":"https://go.dev/issue/78407","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://pkg.go.dev/vuln/GO-2026-4961","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40372","sourceIdentifier":"secure@microsoft.com","published":"2026-04-21T20:16:59.133","lastModified":"2026-06-27T05:16:44.510","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"ASP.NET Core 10.0","versions":[{"version":"10.0","lessThan":"10.0.7","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Visual Studio 2026 version 18.5","versions":[{"version":"18.5.0","lessThan":"18.5.2","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-21T00:00:00+00:00","id":"CVE-2026-40372","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.7","matchCriteriaId":"001BC473-2D30-41BA-8E83-E80A22F519D3"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-40372","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460224","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40372.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-40453","sourceIdentifier":"security@apache.org","published":"2026-04-27T09:16:01.493","lastModified":"2026-06-27T05:16:44.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components.\n\nThis issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0.\n\nUsers are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel JMS","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-jms","versions":[{"version":"3.0.0","lessThan":"4.14.6","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.20.0","versionType":"semver","status":"affected"}]},{"vendor":"Apache Software Foundation","product":"Apache Camel CoAP","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-coap","versions":[{"version":"3.0.0","lessThan":"4.14.6","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.20.0","versionType":"semver","status":"affected"}]},{"vendor":"Apache Software Foundation","product":"Apache Camel Google PubSub","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-google-pubsub","versions":[{"version":"3.0.0","lessThan":"4.14.6","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.20.0","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Apache Camel 4.14 for Quarkus 3.27","defaultStatus":"affected","cpes":["cpe:/a:redhat:apache_camel_quarkus:3.27"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"affected","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"unknown","cpes":["cpe:/a:redhat:serverless:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-27T00:00:00+00:00","id":"CVE-2026-40453","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-178"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-178"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"4.14.6","matchCriteriaId":"3CB451CA-CD89-4D27-A289-1456E97FCB24"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.2","matchCriteriaId":"806A2561-97E3-42A3-931D-A9040BB96CE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:4.19.0:*:*:*:*:*:*:*","matchCriteriaId":"EDA4D206-8808-4D2A-873E-8488DD7E3E16"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-40453.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19835","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-40453","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463173","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40453.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-33454","sourceIdentifier":"security@apache.org","published":"2026-04-27T10:16:07.853","lastModified":"2026-06-27T05:16:44.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from(\\\"imap://...\\\") or from(\\\"pop3://...\\\")) the inbound filter check is skipped and Camel-prefixed MIME headers are mapped unfiltered into the Exchange. An attacker who can deliver an email to a mailbox monitored by such a consumer can inject Camel-specific headers that, for some Camel components downstream of the mail consumer (such as camel-bean, camel-exec, or camel-sql), can alter the behaviour of the route. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177) and the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891).\n\nThis issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.1.\n\nUsers are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.1. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-mail","versions":[{"version":"3.0.0","lessThan":"4.14.6","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Build of Apache Camel 4.14 for Quarkus 3.27","defaultStatus":"affected","cpes":["cpe:/a:redhat:apache_camel_quarkus:3.27"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"affected","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"affected","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel - HawtIO 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:apache_camel_hawtio:4"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel for Spring Boot 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:camel_spring_boot:4"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-27T14:56:56.696569Z","id":"CVE-2026-33454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1173"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"4.14.6","matchCriteriaId":"3CB451CA-CD89-4D27-A289-1456E97FCB24"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.1","matchCriteriaId":"CC667F51-0F9D-49FC-889B-DE6F8DC778EB"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-33454.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19835","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-33454","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463181","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33454.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-7111","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-04-29T15:16:09.183","lastModified":"2026-06-25T20:17:17.543","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.\n\nThe Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.\n\nCalling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HMBRAND","product":"Text::CSV_XS","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Text-CSV_XS","programFiles":["CSV_XS.xs"],"programRoutines":[{"name":"Text::CSV_XS::Parse"},{"name":"Text::CSV_XS::print"},{"name":"Text::CSV_XS::getline"},{"name":"Text::CSV_XS::getline_all"}],"repo":"https://github.com/cpan-authors/Text-CSV_XS","versions":[{"version":"0","lessThan":"1.62","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-29T17:49:05.158465Z","id":"CVE-2026-7111","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hmbrand:text\\:\\:csv_xs:*:*:*:*:*:perl:*:*","versionEndExcluding":"1.62","matchCriteriaId":"42D9FCD4-72E4-4E7D-B842-1DF319D08DF0"}]}]}],"references":[{"url":"https://github.com/cpan-authors/Text-CSV_XS/commit/c17f31a5f2bf36674748eb4b6e25672f0571a224.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Mailing List","Patch"]},{"url":"https://metacpan.org/release/HMBRAND/Text-CSV_XS-1.62/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Product","Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/29/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/06/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-7500","sourceIdentifier":"secalert@redhat.com","published":"2026-04-30T15:16:23.673","lastModified":"2026-06-26T08:16:25.507","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-30T15:02:40.969966Z","id":"CVE-2026-7500","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-425"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-7500","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464126","source":"secalert@redhat.com","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-3832","sourceIdentifier":"secalert@redhat.com","published":"2026-04-30T18:16:30.433","lastModified":"2026-06-24T17:16:58.717","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.com/gnutls/gnutls","packageName":"gnutls","versions":[{"version":"0","lessThan":"3.8.13","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-30T18:22:07.438915Z","id":"CVE-2026-3832","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-179"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3832","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445762","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.com/gnutls/gnutls/-/issues/1801","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.com/gnutls/gnutls/-/issues/1801","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42052","sourceIdentifier":"security-advisories@github.com","published":"2026-05-04T18:16:30.063","lastModified":"2026-06-23T22:16:31.687","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then inserted with .html(...), allowing attacker-controlled markup to become active DOM. This issue has been patched in version 2.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"beetbox","product":"beets","versions":[{"version":"< 2.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-05T13:07:05.509400Z","id":"CVE-2026-42052","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/beetbox/beets/releases/tag/v2.10.0","source":"security-advisories@github.com"},{"url":"https://github.com/beetbox/beets/security/advisories/GHSA-3gxm-wfjx-m847","source":"security-advisories@github.com"},{"url":"https://lists.debian.org/debian-lts-announce/2026/06/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-41950","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-05T21:16:23.233","lastModified":"2026-06-22T18:16:37.293","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit insufficient permission verification in the chat-messages endpoints to access files without ownership validation, bypassing workspace separation and signed URL protections to retrieve sensitive file contents through workflow processing."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"langgenius","product":"dify","defaultStatus":"affected","versions":[{"version":"0","lessThan":"1.14.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-06T12:52:40.047976Z","id":"CVE-2026-41950","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langgenius:dify:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.14.0","matchCriteriaId":"2FA16C69-24E0-466F-A40A-EA9536C0A138"}]}]}],"references":[{"url":"https://github.com/langgenius/dify/releases/tag/1.14.0","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://huntr.com/bounties/181136ec-d957-4b75-8ea7-6fa7b8abd01d","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-uuid","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps","source":"disclosure@vulncheck.com"},{"url":"https://huntr.com/bounties/181136ec-d957-4b75-8ea7-6fa7b8abd01d","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-6420","sourceIdentifier":"secalert@redhat.com","published":"2026-05-06T11:16:05.193","lastModified":"2026-06-24T03:16:24.810","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keylime","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:7.14.1-5.el10_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"keylime","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-06T13:54:45.881598Z","id":"CVE-2026-6420","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1241"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:28582","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-6420","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458889","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-8080","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-07T12:16:18.467","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.\n\n\n\n\n\n\nThis issue affects MISP before 2.5.37.\n\n\n\n\nA stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted arbitrary values for the TemplateElementAttribute type and category fields without validating them against the known MISP attribute type and category definitions. An attacker with permission to create or modify template element attributes could store a crafted type value.\n\n\nThis affects the old templating (not more accessible in 2.5.37) engine from MISP which will be removed in 2.5.38"}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.5.37","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-07T14:47:09.800042Z","id":"CVE-2026-8080","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.37","matchCriteriaId":"98F21394-C1D2-4D7C-A1B9-541250CACF67"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/62824e5ca0056d01b195f70466ea0d382cca06d0","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43510","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-05-07T20:16:44.753","lastModified":"2026-06-25T17:16:39.070","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"CISA","product":"manage.get.gov","defaultStatus":"unknown","versions":[{"version":"1.92.0","lessThan":"1.176.0","versionType":"custom","status":"affected"},{"version":"1.176.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-05-04T21:02:15.750389Z","id":"CVE-2026-43510","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-10T14:54:16.440795Z","id":"CVE-2026-43510","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://github.com/cisagov/manage.get.gov/issues/4858","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://github.com/cisagov/manage.get.gov/pull/4900","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://github.com/cisagov/manage.get.gov/releases/tag/v1.176.0","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://github.com/cisagov/manage.get.gov/security/advisories/GHSA-6wrg-x3j6-x464","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-121-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43510","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-6866","sourceIdentifier":"cybersecurity@se.com","published":"2026-05-12T15:16:16.570","lastModified":"2026-06-24T15:17:05.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"EcoStruxure™ Panel Server","defaultStatus":"unaffected","modules":["PAS400","PAS600","PAS600V2","PAS800","PAS800V2"],"versions":[{"version":"Versions 002.005.000 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T15:43:29.539824Z","id":"CVE-2026-6866","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:ecostruxure_panel_server_pas400_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002.006.000","matchCriteriaId":"E5078B07-2122-45AA-883A-55FF3DE93DD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:ecostruxure_panel_server_pas400:-:*:*:*:*:*:*:*","matchCriteriaId":"27D73E17-C55C-4C2E-A5CC-226ACE91399A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:ecostruxure_panel_server_pas600_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002.006.000","matchCriteriaId":"D7434A33-C704-4328-B820-166FB25F035D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:ecostruxure_panel_server_pas600:-:*:*:*:*:*:*:*","matchCriteriaId":"A7195AA1-21BB-42D0-9B32-4B344FC93266"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:ecostruxure_panel_server_pas600v2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002.006.000","matchCriteriaId":"DDF21A37-34B5-4C5D-8A4E-A3817D6104B3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:ecostruxure_panel_server_pas600v2:-:*:*:*:*:*:*:*","matchCriteriaId":"879BE61A-9A2B-4363-A923-37F4E5C7D8B8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:ecostruxure_panel_server_pas800_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002.006.000","matchCriteriaId":"A9E339A6-DF66-4D19-BADE-E087189E2107"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:ecostruxure_panel_server_pas800:-:*:*:*:*:*:*:*","matchCriteriaId":"A749B94C-FA81-4615-A0E0-29E0DF8705FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:ecostruxure_panel_server_pas800v2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"002.006.000","matchCriteriaId":"0D3E83F4-9C4C-4B20-ACDC-CD62B65AA006"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:ecostruxure_panel_server_pas800v2:-:*:*:*:*:*:*:*","matchCriteriaId":"68962BDE-FE56-4368-8A84-A4F1C9681781"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-132-04.pdf","source":"cybersecurity@se.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40369","sourceIdentifier":"secure@microsoft.com","published":"2026-05-12T18:17:16.023","lastModified":"2026-06-26T05:16:27.290","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8457","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8457","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2113","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.32860","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.32860","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-07T00:00:00+00:00","id":"CVE-2026-40369","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-822"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8390","matchCriteriaId":"048AD3CD-DD62-4B62-9302-61779D998B4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8390","matchCriteriaId":"3682F4DD-0870-4E39-B75E-649C89BB1E08"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8390","matchCriteriaId":"C2C93D38-DFD7-4DE1-95B8-6D73E4A545D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8390","matchCriteriaId":"05EB89A0-2ADD-4B67-A644-41FE1DE69E4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2113","matchCriteriaId":"D45A5D2F-E058-4033-B184-BAE224FC1CEA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2113","matchCriteriaId":"5127F350-9271-4B74-84E0-D7E5D2D5640E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.32772","matchCriteriaId":"9ABAB3B9-28AF-4278-8E78-E1191B1AFC0C"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40369","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44279","sourceIdentifier":"psirt@fortinet.com","published":"2026-05-12T18:17:30.330","lastModified":"2026-06-26T09:16:34.213","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiTokenAndroid","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"6.2.0","status":"affected"},{"version":"6.1.0","status":"affected"},{"version":"5.2.0","lessThanOrEqual":"5.2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T18:59:55.342232Z","id":"CVE-2026-44279","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-926"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitoken_mobile:5.2.0:*:*:*:*:android:*:*","matchCriteriaId":"3AD3D233-A9F7-4C19-8C17-29CE1E6AB2EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitoken_mobile:5.2.1:*:*:*:*:android:*:*","matchCriteriaId":"C31D8793-95DB-4F37-AE7A-3DC320E5AB33"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitoken_mobile:5.2.2:*:*:*:*:android:*:*","matchCriteriaId":"3EA248A2-A583-428F-AA93-E997D2C41F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitoken_mobile:6.1.0:*:*:*:*:android:*:*","matchCriteriaId":"930A3AE4-F6D3-41DC-B32E-2C31F5E63FD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortitoken_mobile:6.2.0:*:*:*:*:android:*:*","matchCriteriaId":"0C6F34E3-5D0E-437C-81AE-459393BA668A"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-130","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44223","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T20:16:43.293","lastModified":"2026-06-22T22:16:45.507","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). From 0.18.0 to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). A single request with a penalty parameter (e.g., \"repetition_penalty\": 1.1) is sufficient to crash the server. This vulnerability is fixed in 0.20.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":">= 0.18.0, < 0.20.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-15T14:44:05.012494Z","id":"CVE-2026-44223","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-131"},{"lang":"en","value":"CWE-704"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.18.0","versionEndExcluding":"0.20.0","matchCriteriaId":"443F32C2-B323-4FA0-AB97-F6445C91C89E"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/pull/38610","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-83vm-p52w-f9pw","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/vllm-project/vllm/pull/38610","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-83vm-p52w-f9pw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40699","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:43.730","lastModified":"2026-06-24T14:51:20.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.1","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:00:07.530837Z","id":"CVE-2026-40699","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-643"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000156734","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40701","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:43.863","lastModified":"2026-06-23T13:57:51.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to \"on\" or \"optional,\" and the ssl_ocsp directive is set to \"on\" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.\n\n\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX Plus","defaultStatus":"unknown","modules":["ngx_http_ssl_module"],"versions":[{"version":"R37","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"R36","lessThan":"R36 P4","versionType":"custom","status":"affected"},{"version":"R32","lessThan":"R32 P6","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"NGINX Open Source","defaultStatus":"unaffected","modules":["ngx_http_ssl_module"],"versions":[{"version":"1.31.0","lessThan":"*","versionType":"semver","status":"unaffected"},{"version":"1.19.0","lessThan":"1.30.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T15:55:34.604451Z","id":"CVE-2026-40701","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:dos:*:*:*:*:*:nginx:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"4.7.0","matchCriteriaId":"0772572C-26F9-4FA4-B9E6-BA40ED59F569"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:*","matchCriteriaId":"C45452BD-7A86-48E7-8E1D-1B340FF70B3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndIncluding":"1.6.2","matchCriteriaId":"15B7F1FD-0C49-460F-9CB8-23DA730EC4BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.6.0","matchCriteriaId":"0A6AA23F-A7A1-43DE-AD67-0EB1249143A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndIncluding":"3.7.2","matchCriteriaId":"10D5B143-4C1E-4626-8B49-3EA7160E9256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.1","matchCriteriaId":"73A1CDBB-49F6-4AB6-AA67-542FD8017D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.4.2","matchCriteriaId":"607EEFA3-BE2A-4660-8C67-E6FC9799325F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"2.16.0","versionEndIncluding":"2.22.0","matchCriteriaId":"CBC31553-99DE-4155-A8E5-13A84FCCB610"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.0","versionEndIncluding":"1.30.0","matchCriteriaId":"40EA3893-8D1B-4A72-A600-54025E29DD40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*","versionStartIncluding":"r32","versionEndIncluding":"r36","matchCriteriaId":"0B153576-468F-48C2-9BC8-922A938AB235"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"4.9.0","versionEndIncluding":"4.16.0","matchCriteriaId":"F365BA5A-42D7-4024-9143-06D4DEE31212"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"5.1.0","versionEndIncluding":"5.8.0","matchCriteriaId":"8D720985-9119-480E-929A-7D9D5C083628"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"5.9.0","versionEndIncluding":"5.12.1","matchCriteriaId":"DE69C522-7FCB-4452-8E33-FCC72D36BF94"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161021","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40703","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:44.020","lastModified":"2026-06-24T14:51:25.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.0.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:00:49.050772Z","id":"CVE-2026-40703","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K35544022","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41217","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:44.340","lastModified":"2026-06-24T14:51:28.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary.\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T15:57:44.317702Z","id":"CVE-2026-41217","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161107","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41218","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:44.473","lastModified":"2026-06-24T14:51:32.823","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["PEM"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.1","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T15:59:20.948604Z","id":"CVE-2026-41218","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000160875","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41219","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:44.620","lastModified":"2026-06-24T14:51:37.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file.  \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.0.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IQ","defaultStatus":"unknown","versions":[{"version":"8.4.0","lessThan":"8.4.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:01:21.360886Z","id":"CVE-2026-41219","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"27F94743-333B-4CD8-94C8-EADCB3F94365"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000157895","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41225","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:44.777","lastModified":"2026-06-24T14:51:41.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T00:00:00+00:00","id":"CVE-2026-41225","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-648"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000160916","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41227","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:44.920","lastModified":"2026-06-24T14:52:01.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unaffected","modules":["Advanced WAF","DDoS Hybrid Defender"],"versions":[{"version":"21.0.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:02:24.748230Z","id":"CVE-2026-41227","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000158979","source":"f5sirt@f5.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41953","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:45.473","lastModified":"2026-06-24T14:52:04.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T00:00:00+00:00","id":"CVE-2026-41953","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000160975","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41954","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:45.600","lastModified":"2026-06-24T14:52:09.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.1","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IQ","defaultStatus":"unknown","versions":[{"version":"8.4.0","lessThan":"8.4.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:01:01.204932Z","id":"CVE-2026-41954","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"27F94743-333B-4CD8-94C8-EADCB3F94365"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K32950402","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41956","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:45.737","lastModified":"2026-06-24T14:52:13.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.0.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IP Next CNF","defaultStatus":"unknown","versions":[{"version":"2.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"2.0.0","lessThan":"2.0.3","versionType":"custom","status":"affected"},{"version":"1.4.0","lessThan":"1.4.1","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IP Next for Kubernetes","defaultStatus":"unknown","versions":[{"version":"2.0.0","lessThan":"2.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:01:41.083944Z","id":"CVE-2026-41956","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.2","matchCriteriaId":"07177D8A-5A8A-4836-A969-3104E43CCEDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"2D4113B5-994C-42EE-A127-D2BC6E7DC0CD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_next_for_kubernetes:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB9960E8-26E9-48E2-A398-7076A8B994DA"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000158038","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41957","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:45.867","lastModified":"2026-06-23T13:55:22.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility.\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.0.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IQ","defaultStatus":"unaffected","versions":[{"version":"8.4.0","lessThan":"8.4.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T00:00:00+00:00","id":"CVE-2026-41957","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"27F94743-333B-4CD8-94C8-EADCB3F94365"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000156761","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41959","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:46.000","lastModified":"2026-06-24T14:52:18.337","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems.\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IQ","defaultStatus":"unknown","versions":[{"version":"8.4.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:03:33.864632Z","id":"CVE-2026-41959","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0","versionEndIncluding":"8.4.1","matchCriteriaId":"54662042-8E2F-4192-BFEB-F61EDD61B02D"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161022","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42058","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:46.243","lastModified":"2026-06-23T13:57:00.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T03:56:07.996772Z","id":"CVE-2026-42058","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000160903","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42063","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:46.440","lastModified":"2026-06-23T13:57:19.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T15:57:58.509772Z","id":"CVE-2026-42063","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000160973","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42406","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:47.517","lastModified":"2026-06-23T13:57:09.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.     Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.2","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.6","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.2","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IQ","defaultStatus":"unaffected","versions":[{"version":"8.4.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T00:00:00+00:00","id":"CVE-2026-42406","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-267"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0","versionEndIncluding":"8.4.1","matchCriteriaId":"54662042-8E2F-4192-BFEB-F61EDD61B02D"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000160971","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42408","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:47.647","lastModified":"2026-06-23T13:57:14.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["DNS"],"versions":[{"version":"21.0.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T15:59:47.252323Z","id":"CVE-2026-42408","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000157981","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42409","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:47.770","lastModified":"2026-06-23T13:58:18.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.1","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IP Next SPK","defaultStatus":"unknown","versions":[{"version":"2.0.0","lessThan":"2.0.3","versionType":"custom","status":"affected"},{"version":"1.7.0","lessThan":"1.7.17","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IP Next CNF","defaultStatus":"unknown","versions":[{"version":"2.0.0","lessThan":"2.0.3","versionType":"custom","status":"affected"},{"version":"1.4.0","lessThan":"1.4.1","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"BIG-IP Next for Kubernetes","defaultStatus":"unknown","versions":[{"version":"2.0.0","lessThan":"2.1.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:02:32.821180Z","id":"CVE-2026-42409","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndIncluding":"1.4.0","matchCriteriaId":"4EB93DF6-780A-46E1-9C64-984DEDB2DAB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_next_cloud-native_network_functions:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.2","matchCriteriaId":"07177D8A-5A8A-4836-A969-3104E43CCEDF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_next_for_kubernetes:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.1.0","matchCriteriaId":"5D27384E-90A7-406F-83B6-184744CD8DC5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"BD3A2286-B181-47DA-BCB3-A9D0E0B357AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"004CBB88-E617-4A0A-BE42-E1E6BB52D736"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"920FA89D-E154-4936-B88E-8B60D5B39B40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"94ADD021-8229-4CDE-AE73-33FB1BD4A3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"216A1ED3-D0CD-4A08-B9E8-A5B54942E831"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CA7B9727-7694-4D1B-8B48-175196544050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5481F477-166F-4321-80A0-539095C6B829"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5462B02C-4414-4B14-A671-D8993BD9511D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4A6B33EA-BD41-45A1-801F-BF2439E4F501"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"972BEB00-AAC3-42F7-BB45-881E1A3D1131"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"226B7285-7977-4BBC-947E-E9541E1AAB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B49FF41-861D-488F-94DC-DAE222A9BE0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"4962EDD5-384F-4ABC-8696-8C4AACEE19BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"CE7A5976-AAA0-4FF1-ADAC-4547F24765FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"5728B748-0795-4056-91E8-B3A0DB3A3081"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"C453B7CE-FBA6-46E7-975D-61D7A18773F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"EC77DFC2-A3DC-46E6-9419-0ABA84CD275E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"25701935-02F5-4BD8-95F0-6693C6606558"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"AC71E265-C7B7-4A78-B73A-32B5FECE5D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"8B029869-31AB-4FE2-846E-FC6F7133ADF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"16.1.0","versionEndIncluding":"16.1.6","matchCriteriaId":"2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000159034","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42780","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:48.303","lastModified":"2026-06-23T13:58:28.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["SSLO"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.1","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.5","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"SSL Orchestrator","defaultStatus":"unknown","versions":[{"version":"14.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"13.0","lessThan":"13.1.3","versionType":"custom","status":"affected"},{"version":"12.0","lessThan":"12.3.2","versionType":"custom","status":"affected"},{"version":"11.0","lessThan":"11.4.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:01:28.405672Z","id":"CVE-2026-42780","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000149743","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42781","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:48.447","lastModified":"2026-06-23T13:58:36.387","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"BIG-IP","defaultStatus":"unknown","modules":["All Modules"],"platforms":["r5000 rSeries","r10000 rSeries","r12000 rSeries","BX110 blades on VELOS","BX520 blades on VELOS"],"versions":[{"version":"21.1.0","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"21.0.0","lessThan":"21.0.0.1","versionType":"custom","status":"affected"},{"version":"17.5.0","lessThan":"17.5.1.4","versionType":"custom","status":"affected"},{"version":"17.1.0","lessThan":"17.1.3.1","versionType":"custom","status":"affected"},{"version":"16.1.0","lessThan":"*","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T15:59:28.041850Z","id":"CVE-2026-42781","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F10F963B-348A-4819-9109-EF0F2304CCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"003B47C5-A8E3-4ECD-B0E1-6FD3BCC6C00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CCCB38CF-FCDA-4E62-8BEA-70DE61D617B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B1489ACC-1DCF-4107-A7A5-12E675B522F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B63EC396-5C6D-4F2B-AA4B-48C19A2DEF40"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E8F401DC-AEE8-4DA1-8D54-51086557F0CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EB3D5211-78EA-479C-A468-F3DD867DA377"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4BF32E2A-2837-4F02-98D4-EC8D4AD7629A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7918553F-3A00-4F1F-8007-40C440D30EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"63F0B2DD-6D9C-4A4E-AB9A-E417D0BA9725"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"961FD6A4-3969-4A7B-B154-71AB91102EDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0EA3A0ED-753C-4909-8EDC-294AF6873791"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B22E4040-EC36-44B7-AE6F-D8A5B982350F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"90819202-D6CE-4742-957E-32653AD75AB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4DCF86-3120-4D11-8233-9E41BF6F1577"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3978168-BE6E-41DB-92A2-99843137BBFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2BBB888F-2AAF-4F90-82F7-12A79A5D9EC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EA18854A-929E-4D5E-B2EC-9AC31A5694C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB4EFA9A-FBB9-437C-9789-7C4EB489DD59"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"900D8242-3139-443E-98A3-30A7D9A0CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4DF82E2E-B438-4205-8A58-802A1F22EB3E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"84ACD36F-E97D-4DDA-A8FD-D911095C1035"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BD71EC53-8ABC-410F-B031-0B3288D2E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"1E446AEE-1CB7-411C-9549-0E12C2EBBF9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AFDDB2A2-3B00-4454-A5BA-F181972B8B70"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D186FF46-E0B0-4B54-9EA9-87AD379FA600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"4AFFB39F-3E07-4316-9DD6-C36407B09C20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"06CB53ED-B0CF-45D0-BF6B-C07C2B5AD3DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"A6E75F5E-8C80-4287-84BF-6676B1029AA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F330E98-E773-4D93-855D-1D82644B3F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"26D5B297-AAD7-4DF5-9C24-E9550DF2793A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"59042348-3748-48E0-B78B-D978C6B241B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"5082DEBB-5C7F-41A2-B48F-0C72C3A6782B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"B010CF79-60CD-4B4C-BDCA-61FBD59397B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"39AA59D4-6DE8-4ABA-9EEB-840755CA76A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"6C89D1A8-D453-4A12-97EA-6642F98FDA27"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83FBED4E-1977-45EF-8D33-4A24D81BFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"54BB0364-2EFA-442B-9DB2-3A49677D965C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F64237A9-9AF0-4D01-958F-753862C33ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2727CEE5-75FD-4345-88C1-3ED60AAF7DE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"205B3D36-A3D8-4859-A3C4-2FA432B4A162"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"EA180633-8625-4F8E-90E2-235BCD334256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"66DDBE6D-423A-4F60-9D06-0E10CB93FB66"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"35FF40AC-3A3E-4B4B-83F4-BB6048FEBB72"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E0B21289-FB5C-47FA-B054-50341236260D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"C83BE4EC-8775-4FF4-B362-9E6EBDD53A04"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C7F7C488-8C01-4EE7-A244-259237F06668"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"556AEFC8-8D4C-4E5A-9051-77424FAAC9D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"E649795C-1B70-411B-B744-E0728109474D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"93597117-087D-4AAC-884F-8E1400D645FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"131D329E-0351-402B-BC67-698DC1C9A83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"2F95824A-E1F8-412E-B59D-8278AE3CB571"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"C8EF0B1D-AE26-4283-8D84-5CECB245652F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4996DCE3-8F39-4917-96A0-2C44C900DEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"AA1487CA-A5F3-4689-9458-7309C2E17C9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"48DBF1EA-4DFD-402F-81BC-430B7D74C5FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"7F234CDF-C413-4E70-9A97-6467ADB33EA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"BA32DFFC-6412-4BA9-9382-5E307539AF4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"BCBD1B79-3FC1-4288-BEF8-E5D60DA939A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"D25B01D7-F665-47EE-9185-40581A6C3DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"83AD64DE-7D0B-4380-89E0-A06817B21606"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1.0","versionEndIncluding":"17.1.3","matchCriteriaId":"4AE71FB5-6842-4822-9CA4-1427BC9187BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndIncluding":"17.5.1","matchCriteriaId":"F1516CC2-94CA-4FB2-AC5A-6CFB0580980C"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000160862","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42945","sourceIdentifier":"f5sirt@f5.com","published":"2026-05-13T16:16:50.190","lastModified":"2026-06-27T05:16:45.143","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX Plus","defaultStatus":"unknown","modules":["ngx_http_rewrite_module"],"versions":[{"version":"R37","lessThan":"*","versionType":"custom","status":"unaffected"},{"version":"R36","lessThan":"R36 P4","versionType":"custom","status":"affected"},{"version":"R32","lessThan":"R32 P6","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"NGINX Open Source","defaultStatus":"unaffected","modules":["ngx_http_rewrite_module"],"versions":[{"version":"1.31.0","lessThan":"*","versionType":"semver","status":"unaffected"},{"version":"0.6.27","lessThan":"1.30.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.14","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.14::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.15","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.19","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.19::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat Lightspeed proxy 1","defaultStatus":"affected","cpes":["cpe:/a:redhat:insights_proxy:1"]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T00:00:00+00:00","id":"CVE-2026-42945","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:dos:*:*:*:*:*:nginx:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"4.7.0","matchCriteriaId":"0772572C-26F9-4FA4-B9E6-BA40ED59F569"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:dos:4.8.0:*:*:*:*:nginx:*:*","matchCriteriaId":"C45452BD-7A86-48E7-8E1D-1B340FF70B3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndIncluding":"1.6.2","matchCriteriaId":"15B7F1FD-0C49-460F-9CB8-23DA730EC4BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.5.1","matchCriteriaId":"CE4363AD-0E25-4A27-A45B-A436605626F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndIncluding":"3.7.2","matchCriteriaId":"10D5B143-4C1E-4626-8B49-3EA7160E9256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.1","matchCriteriaId":"73A1CDBB-49F6-4AB6-AA67-542FD8017D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.4.1","matchCriteriaId":"653E97B6-7BC8-4427-B875-F19E9CE6A04B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"2.16.0","versionEndIncluding":"2.21.1","matchCriteriaId":"32EC06F0-3263-43FF-B855-EF903E6FFE7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"0.6.27","versionEndIncluding":"1.30.0","matchCriteriaId":"35DC1B89-E400-429C-9360-303F69D2BF3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*","versionStartIncluding":"r32","versionEndIncluding":"r36","matchCriteriaId":"0B153576-468F-48C2-9BC8-922A938AB235"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"4.9.0","versionEndIncluding":"4.16.0","matchCriteriaId":"F365BA5A-42D7-4024-9143-06D4DEE31212"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"5.1.0","versionEndIncluding":"5.8.0","matchCriteriaId":"8D720985-9119-480E-929A-7D9D5C083628"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"5.9.0","versionEndIncluding":"5.12.1","matchCriteriaId":"DE69C522-7FCB-4452-8E33-FCC72D36BF94"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161019","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://depthfirst.com/nginx-rift","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Technical Description","Third Party Advisory"]},{"url":"https://github.com/DepthFirstDisclosures/Nginx-Rift","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:17417","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17751","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17752","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17753","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17790","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17791","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17792","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17793","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17794","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18029","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18041","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18063","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19159","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19371","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19372","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19374","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20442","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20444","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22382","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22383","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22388","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22389","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22390","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22393","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22394","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22396","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42945","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477116","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42945.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-43476","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:50.680","lastModified":"2026-06-26T20:18:11.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()\n\nsizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead\nof the intended __be32 element size (4 bytes). Use sizeof(*meas) to\ncorrectly match the buffer element type."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iio/chemical/sps30_i2c.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8f3f130852785dac0759843835ca97c3bacc2b10","lessThan":"9aff2e9c2927ecd9652872a43a0725f101128104","versionType":"git","status":"affected"},{"version":"8f3f130852785dac0759843835ca97c3bacc2b10","lessThan":"08881d82f94deaa51800360029908863e5c4c39d","versionType":"git","status":"affected"},{"version":"8f3f130852785dac0759843835ca97c3bacc2b10","lessThan":"dcdf1e92674efb6692f4ebe189e0aa9fde23a541","versionType":"git","status":"affected"},{"version":"8f3f130852785dac0759843835ca97c3bacc2b10","lessThan":"2a4d111a6a34afb8bb4f118009e7728ed2ec7e10","versionType":"git","status":"affected"},{"version":"8f3f130852785dac0759843835ca97c3bacc2b10","lessThan":"90e978ace598567e6e30de79805bddf37cf892ac","versionType":"git","status":"affected"},{"version":"8f3f130852785dac0759843835ca97c3bacc2b10","lessThan":"165f12b40901c6a7aca15796da239726ddcdc5ad","versionType":"git","status":"affected"},{"version":"8f3f130852785dac0759843835ca97c3bacc2b10","lessThan":"216345f98cae7fcc84f49728c67478ac00321c87","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iio/chemical/sps30_i2c.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.203","matchCriteriaId":"D6A985A0-96A3-4E0A-B271-C7200F325EF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08881d82f94deaa51800360029908863e5c4c39d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/165f12b40901c6a7aca15796da239726ddcdc5ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/216345f98cae7fcc84f49728c67478ac00321c87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a4d111a6a34afb8bb4f118009e7728ed2ec7e10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90e978ace598567e6e30de79805bddf37cf892ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9aff2e9c2927ecd9652872a43a0725f101128104","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dcdf1e92674efb6692f4ebe189e0aa9fde23a541","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43477","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:50.807","lastModified":"2026-06-26T20:18:04.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL\n\nApparently ICL may hang with an MCE if we write TRANS_VRR_VMAX/FLIPLINE\nbefore enabling TRANS_DDI_FUNC_CTL.\n\nPersonally I was only able to reproduce a hang (on an Dell XPS 7390\n2-in-1) with an external display connected via a dock using a dodgy\ntype-C cable that made the link training fail. After the failed\nlink training the machine would hang. TGL seemed immune to the\nproblem for whatever reason.\n\nBSpec does tell us to configure VRR after enabling TRANS_DDI_FUNC_CTL\nas well. The DMC firmware also does the VRR restore in two stages:\n- first stage seems to be unconditional and includes TRANS_VRR_CTL\n  and a few other VRR registers, among other things\n- second stage is conditional on the DDI being enabled,\n  and includes TRANS_DDI_FUNC_CTL and TRANS_VRR_VMAX/VMIN/FLIPLINE,\n  among other things\n\nSo let's reorder the steps to match to avoid the hang, and\ntoss in an extra WARN to make sure we don't screw this up later.\n\nBSpec: 22243\n(cherry picked from commit 93f3a267c3dd4d811b224bb9e179a10d81456a74)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/i915/display/intel_display.c","drivers/gpu/drm/i915/display/intel_vrr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"dda7dcd9da73c5327aef42b89f0519bb51e84217","lessThan":"8a7d29b8bda144d44e61df1b2705b1d4378f4e44","versionType":"git","status":"affected"},{"version":"dda7dcd9da73c5327aef42b89f0519bb51e84217","lessThan":"bf9e3b6ffd76da38dd4961c65d80571b25bf10a5","versionType":"git","status":"affected"},{"version":"dda7dcd9da73c5327aef42b89f0519bb51e84217","lessThan":"237aab549676288d9255bb8dcc284738e56eaa31","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/i915/display/intel_display.c","drivers/gpu/drm/i915/display/intel_vrr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.20","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.20","matchCriteriaId":"1C570CE1-BC61-4BE6-9393-FD0CA8637367"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/237aab549676288d9255bb8dcc284738e56eaa31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8a7d29b8bda144d44e61df1b2705b1d4378f4e44","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf9e3b6ffd76da38dd4961c65d80571b25bf10a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43478","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:50.940","lastModified":"2026-06-26T20:17:57.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put\n\nThe correct helper to use in rt1011_recv_spk_mode_put() to retrieve the\nDAPM context is snd_soc_component_to_dapm(), from kcontrol we will\nreceive NULL pointer."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["sound/soc/codecs/rt1011.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5b35bb517f27fc2401ec3cfd8c02a127627a0188","lessThan":"b10b2b15b45923ff2807eeb034d91a39b0a3e690","versionType":"git","status":"affected"},{"version":"5b35bb517f27fc2401ec3cfd8c02a127627a0188","lessThan":"30e4b2290cc2a8d1b9ddb9dcb9c981df1f2a7399","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["sound/soc/codecs/rt1011.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/30e4b2290cc2a8d1b9ddb9dcb9c981df1f2a7399","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b10b2b15b45923ff2807eeb034d91a39b0a3e690","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43479","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.040","lastModified":"2026-06-26T20:17:50.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n  WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n  __netif_napi_del_locked+0x2b4/0x350 (P)\n  lan78xx_disconnect+0xf4/0x360\n  usb_unbind_interface+0x158/0x718\n  device_remove+0x100/0x150\n  device_release_driver_internal+0x308/0x478\n  device_release_driver+0x1c/0x30\n  bus_remove_device+0x1a8/0x368\n  device_del+0x2e0/0x7b0\n  usb_disable_device+0x244/0x540\n  usb_disconnect+0x220/0x758\n  hub_event+0x105c/0x35e0\n  process_one_work+0x760/0x17b0\n  worker_thread+0x768/0xce8\n  kthread+0x3bc/0x690\n  ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last  enabled at (211603): [<ffffffc0828cc9ec>] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [<ffffffc0828a9a84>] el1_dbg+0x24/0x80\n softirqs last  enabled at (211296): [<ffffffc080095f10>] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [<ffffffc080010288>] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/usb/lan78xx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e110bc82589752909e283ba5cbc160e0ab56c085","lessThan":"20ce2bd1c1848414c5d3520d301ed3f5751ed634","versionType":"git","status":"affected"},{"version":"e110bc82589752909e283ba5cbc160e0ab56c085","lessThan":"395a8b903738511f536c97c427e15ef038e1a11c","versionType":"git","status":"affected"},{"version":"e110bc82589752909e283ba5cbc160e0ab56c085","lessThan":"312c816c6bc30342bc30dca0d6db617ab4d3ae4e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/usb/lan78xx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.19","matchCriteriaId":"25416534-40E3-4D42-9162-AB375255352E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/20ce2bd1c1848414c5d3520d301ed3f5751ed634","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/312c816c6bc30342bc30dca0d6db617ab4d3ae4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/395a8b903738511f536c97c427e15ef038e1a11c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43480","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.163","lastModified":"2026-06-26T20:17:39.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition\n\nThe acp3x_5682_init() function did not check the return value of\nclk_get(), which could lead to dereferencing error pointers in\nrt5682_clk_enable().\n\nFix this by:\n1. Changing clk_get() to the device-managed devm_clk_get().\n2. Adding proper IS_ERR() checks for both clock acquisitions."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["sound/soc/amd/acp3x-rt5682-max9836.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"2dc43ac8da7b2bebc5a51a3d86a6275d78f27cff","versionType":"git","status":"affected"},{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"4d802f23fcbfec05134653fd001f6c7c3fd55196","versionType":"git","status":"affected"},{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"2b0c4a399c8d27f20ecf17dda76751141d6dbb59","versionType":"git","status":"affected"},{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"35c7624d30cb45ec336cd16ce072acc32ae351cb","versionType":"git","status":"affected"},{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"33de168afdd57265a0e0c20dbd3648a2d8f7cdc4","versionType":"git","status":"affected"},{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"790851ecc983c719fa2e6adb17b02f3acc1d217d","versionType":"git","status":"affected"},{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"092522621901b5e6af61db04a53f5b313903c6d0","versionType":"git","status":"affected"},{"version":"6b8e4e7db3cd236a2cbb720360fb135087a2ac1d","lessThan":"53f3a900e9a383d47af7253076e19f510c5708d0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["sound/soc/amd/acp3x-rt5682-max9836.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","versionType":"semver","status":"unaffected"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.10.253","matchCriteriaId":"0B1A046E-0C62-426C-8D6D-9BCC6EB56D6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/092522621901b5e6af61db04a53f5b313903c6d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2b0c4a399c8d27f20ecf17dda76751141d6dbb59","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2dc43ac8da7b2bebc5a51a3d86a6275d78f27cff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/33de168afdd57265a0e0c20dbd3648a2d8f7cdc4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/35c7624d30cb45ec336cd16ce072acc32ae351cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4d802f23fcbfec05134653fd001f6c7c3fd55196","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53f3a900e9a383d47af7253076e19f510c5708d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/790851ecc983c719fa2e6adb17b02f3acc1d217d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43481","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.287","lastModified":"2026-06-26T20:17:33.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet-shapers: don't free reply skb after genlmsg_reply()\n\ngenlmsg_reply() hands the reply skb to netlink, and\nnetlink_unicast() consumes it on all return paths, whether the\nskb is queued successfully or freed on an error path.\n\nnet_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit()\ncurrently jump to free_msg after genlmsg_reply() fails and call\nnlmsg_free(msg), which can hit the same skb twice.\n\nReturn the genlmsg_reply() error directly and keep free_msg\nonly for pre-reply failures."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/shaper/shaper.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4b623f9f0f59652ea71fcb27d60b4c3b65126dbb","lessThan":"8738dcc844fff7d0157ee775230e95df3b1884d7","versionType":"git","status":"affected"},{"version":"4b623f9f0f59652ea71fcb27d60b4c3b65126dbb","lessThan":"83f7b54242d0abbfce35a55c01322f50962ed3ee","versionType":"git","status":"affected"},{"version":"4b623f9f0f59652ea71fcb27d60b4c3b65126dbb","lessThan":"57885276cc16a2e2b76282c808a4e84cbecb3aae","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/shaper/shaper.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/57885276cc16a2e2b76282c808a4e84cbecb3aae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83f7b54242d0abbfce35a55c01322f50962ed3ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8738dcc844fff7d0157ee775230e95df3b1884d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43482","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.390","lastModified":"2026-06-26T20:17:19.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Disable preemption between scx_claim_exit() and kicking helper work\n\nscx_claim_exit() atomically sets exit_kind, which prevents scx_error() from\ntriggering further error handling. After claiming exit, the caller must kick\nthe helper kthread work which initiates bypass mode and teardown.\n\nIf the calling task gets preempted between claiming exit and kicking the\nhelper work, and the BPF scheduler fails to schedule it back (since error\nhandling is now disabled), the helper work is never queued, bypass mode\nnever activates, tasks stop being dispatched, and the system wedges.\n\nDisable preemption across scx_claim_exit() and the subsequent work kicking\nin all callers - scx_disable() and scx_vexit(). Add\nlockdep_assert_preemption_disabled() to scx_claim_exit() to enforce the\nrequirement."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/sched/ext.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f0e1a0643a59bf1f922fa209cec86a170b784f3f","lessThan":"41423912f7ac7494ccd6eef411227b4efce740e0","versionType":"git","status":"affected"},{"version":"f0e1a0643a59bf1f922fa209cec86a170b784f3f","lessThan":"522acaae34aa7e05859260056b39c7c030592a0c","versionType":"git","status":"affected"},{"version":"f0e1a0643a59bf1f922fa209cec86a170b784f3f","lessThan":"5131dbec2c10961b34f844bc30b400c3fa0bcc72","versionType":"git","status":"affected"},{"version":"f0e1a0643a59bf1f922fa209cec86a170b784f3f","lessThan":"83236b2e43dba00bee5b82eb5758816b1a674f6a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/sched/ext.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.20","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.78","matchCriteriaId":"CF16B1DB-0D79-4F76-8B3C-57C79AB99F70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/41423912f7ac7494ccd6eef411227b4efce740e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5131dbec2c10961b34f844bc30b400c3fa0bcc72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/522acaae34aa7e05859260056b39c7c030592a0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83236b2e43dba00bee5b82eb5758816b1a674f6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43483","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.497","lastModified":"2026-06-26T20:17:11.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated\n\nExplicitly set/clear CR8 write interception when AVIC is (de)activated to\nfix a bug where KVM leaves the interception enabled after AVIC is\nactivated.  E.g. if KVM emulates INIT=>WFS while AVIC is deactivated, CR8\nwill remain intercepted in perpetuity.\n\nOn its own, the dangling CR8 intercept is \"just\" a performance issue, but\ncombined with the TPR sync bug fixed by commit d02e48830e3f (\"KVM: SVM:\nSync TPR from LAPIC into VMCB::V_TPR even if AVIC is active\"), the danging\nintercept is fatal to Windows guests as the TPR seen by hardware gets\nwildly out of sync with reality.\n\nNote, VMX isn't affected by the bug as TPR_THRESHOLD is explicitly ignored\nwhen Virtual Interrupt Delivery is enabled, i.e. when APICv is active in\nKVM's world.  I.e. there's no need to trigger update_cr8_intercept(), this\nis firmly an SVM implementation flaw/detail.\n\nWARN if KVM gets a CR8 write #VMEXIT while AVIC is active, as KVM should\nnever enter the guest with AVIC enabled and CR8 writes intercepted.\n\n[Squash fix to avic_deactivate_vmcb. - Paolo]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/svm/avic.c","arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3bbf3565f48ce3999b5a12cde946f81bd4475312","lessThan":"a4123fe5d9122eef9852e4921f7cc463420f30d4","versionType":"git","status":"affected"},{"version":"3bbf3565f48ce3999b5a12cde946f81bd4475312","lessThan":"816fa1dfae4532e851b1fe6b2434c753ecbd86c7","versionType":"git","status":"affected"},{"version":"3bbf3565f48ce3999b5a12cde946f81bd4475312","lessThan":"01651e7751edbbc0fb4598f8367a3dabcfc8c182","versionType":"git","status":"affected"},{"version":"3bbf3565f48ce3999b5a12cde946f81bd4475312","lessThan":"ba3bca40f9f25c053f69413e5f4a41dd0fd762bf","versionType":"git","status":"affected"},{"version":"3bbf3565f48ce3999b5a12cde946f81bd4475312","lessThan":"737410b32bd615b321da4fbeda490351b9af5e8b","versionType":"git","status":"affected"},{"version":"3bbf3565f48ce3999b5a12cde946f81bd4475312","lessThan":"87d0f901a9bd8ae6be57249c737f20ac0cace93d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/svm/avic.c","arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.7","status":"affected"},{"version":"0","lessThan":"4.7","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"6.1.167","matchCriteriaId":"2F2951CF-8A4F-4F3F-AF9E-9BFA065CAEA5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01651e7751edbbc0fb4598f8367a3dabcfc8c182","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/737410b32bd615b321da4fbeda490351b9af5e8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/816fa1dfae4532e851b1fe6b2434c753ecbd86c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87d0f901a9bd8ae6be57249c737f20ac0cace93d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a4123fe5d9122eef9852e4921f7cc463420f30d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba3bca40f9f25c053f69413e5f4a41dd0fd762bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43484","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.623","lastModified":"2026-06-26T19:27:23.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid bitfield RMW for claim/retune flags\n\nMove claimed and retune control flags out of the bitfield word to\navoid unrelated RMW side effects in asynchronous contexts.\n\nThe host->claimed bit shared a word with retune flags. Writes to claimed\nin __mmc_claim_host() or retune_now in mmc_mq_queue_rq() can overwrite\nother bits when concurrent updates happen in other contexts, triggering\nspurious WARN_ON(!host->claimed). Convert claimed, can_retune,\nretune_now and retune_paused to bool to remove shared-word coupling."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/linux/mmc/host.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6c0cedd1ef9527ef13e66875746570e76a3188a7","lessThan":"41dce4dae583a8ce06a7ebf4ce704c46a142957c","versionType":"git","status":"affected"},{"version":"6c0cedd1ef9527ef13e66875746570e76a3188a7","lessThan":"bb7fc2498c3bb25fa6a91f22f4760005325cfbd5","versionType":"git","status":"affected"},{"version":"6c0cedd1ef9527ef13e66875746570e76a3188a7","lessThan":"270277c2ab631044867adb1bd2f2433d3892de6e","versionType":"git","status":"affected"},{"version":"6c0cedd1ef9527ef13e66875746570e76a3188a7","lessThan":"45038e03f15e992c48603fff8c6b1c9be5397ac9","versionType":"git","status":"affected"},{"version":"6c0cedd1ef9527ef13e66875746570e76a3188a7","lessThan":"0e06cc511c61cff1591e5435a207759adcc76b6d","versionType":"git","status":"affected"},{"version":"6c0cedd1ef9527ef13e66875746570e76a3188a7","lessThan":"d3a3caf44c8ec26f5d63dc17c1c7242effa60ebc","versionType":"git","status":"affected"},{"version":"6c0cedd1ef9527ef13e66875746570e76a3188a7","lessThan":"901084c51a0a8fb42a3f37d2e9c62083c495f824","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/linux/mmc/host.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.203","matchCriteriaId":"75F6AE0B-4D68-494C-A613-F7A30AD34171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e06cc511c61cff1591e5435a207759adcc76b6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/270277c2ab631044867adb1bd2f2433d3892de6e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/41dce4dae583a8ce06a7ebf4ce704c46a142957c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45038e03f15e992c48603fff8c6b1c9be5397ac9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/901084c51a0a8fb42a3f37d2e9c62083c495f824","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb7fc2498c3bb25fa6a91f22f4760005325cfbd5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3a3caf44c8ec26f5d63dc17c1c7242effa60ebc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43485","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.750","lastModified":"2026-06-26T19:26:24.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/gsp: drop WARN_ON in ACPI probes\n\nThese WARN_ONs seem to trigger a lot, and we don't seem to have a\nplan to fix them, so just drop them, as they are most likely\nharmless."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"176fdcbddfd288408ce8571c1760ad618d962096","lessThan":"214b6bde0e941a34ba877cf2f26f85d62fb5d598","versionType":"git","status":"affected"},{"version":"176fdcbddfd288408ce8571c1760ad618d962096","lessThan":"d1c991c860496d97044802ea54b30f20db468c1d","versionType":"git","status":"affected"},{"version":"176fdcbddfd288408ce8571c1760ad618d962096","lessThan":"9478c166c46934160135e197b049b5a05753f2ad","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.18.19","matchCriteriaId":"7FB5171C-B4B3-473D-BE87-E5F9956A42AB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/214b6bde0e941a34ba877cf2f26f85d62fb5d598","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9478c166c46934160135e197b049b5a05753f2ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d1c991c860496d97044802ea54b30f20db468c1d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43486","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.880","lastModified":"2026-06-26T19:23:45.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults\n\ncontpte_ptep_set_access_flags() compared the gathered ptep_get() value\nagainst the requested entry to detect no-ops. ptep_get() ORs AF/dirty\nfrom all sub-PTEs in the CONT block, so a dirty sibling can make the\ntarget appear already-dirty. When the gathered value matches entry, the\nfunction returns 0 even though the target sub-PTE still has PTE_RDONLY\nset in hardware.\n\nFor a CPU with FEAT_HAFDBS this gathered view is fine, since hardware may\nset AF/dirty on any sub-PTE and CPU TLB behavior is effectively gathered\nacross the CONT range. But page-table walkers that evaluate each\ndescriptor individually (e.g. a CPU without DBM support, or an SMMU\nwithout HTTU, or with HA/HD disabled in CD.TCR) can keep faulting on the\nunchanged target sub-PTE, causing an infinite fault loop.\n\nGathering can therefore cause false no-ops when only a sibling has been\nupdated:\n - write faults: target still has PTE_RDONLY (needs PTE_RDONLY cleared)\n - read faults:  target still lacks PTE_AF\n\nFix by checking each sub-PTE against the requested AF/dirty/write state\n(the same bits consumed by __ptep_set_access_flags()), using raw\nper-PTE values rather than the gathered ptep_get() view, before\nreturning no-op. Keep using the raw target PTE for the write-bit unfold\ndecision.\n\nPer Arm ARM (DDI 0487) D8.7.1 (\"The Contiguous bit\"), any sub-PTE in a CONT\nrange may become the effective cached translation and software must\nmaintain consistent attributes across the range."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/arm64/mm/contpte.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4602e5757bcceb231c3a13c36c373ad4a750eddb","lessThan":"05d239f2c95e66e27e7fb4e99ee07eb56e3e34b0","versionType":"git","status":"affected"},{"version":"4602e5757bcceb231c3a13c36c373ad4a750eddb","lessThan":"6f92a7a8b48a523f910ef25dd83808710724f59b","versionType":"git","status":"affected"},{"version":"4602e5757bcceb231c3a13c36c373ad4a750eddb","lessThan":"09d620555e59768776090073a2c59d2bc8506eb3","versionType":"git","status":"affected"},{"version":"4602e5757bcceb231c3a13c36c373ad4a750eddb","lessThan":"97c5550b763171dbef61e6239cab372b9f9cd4a2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/arm64/mm/contpte.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.78","matchCriteriaId":"D1D90B78-24E3-418D-A238-3FE23C32239B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05d239f2c95e66e27e7fb4e99ee07eb56e3e34b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/09d620555e59768776090073a2c59d2bc8506eb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f92a7a8b48a523f910ef25dd83808710724f59b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/97c5550b763171dbef61e6239cab372b9f9cd4a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43487","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:51.997","lastModified":"2026-06-26T19:23:33.153","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Disable LPM on ST1000DM010-2EP102\n\nAccording to a user report, the ST1000DM010-2EP102 has problems with LPM,\ncausing random system freezes. The drive belongs to the same BarraCuda\nfamily as the ST2000DM008-2FR102 which has the same issue."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/ata/libata-core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7627a0edef548c4c4dea62df51cc26bfe5bbcab8","lessThan":"f897b72cc74d24e7106716184f450d4045a6289b","versionType":"git","status":"affected"},{"version":"7627a0edef548c4c4dea62df51cc26bfe5bbcab8","lessThan":"87f0349beaacab2ac60c4a1b6dcff254cef7d5a0","versionType":"git","status":"affected"},{"version":"7627a0edef548c4c4dea62df51cc26bfe5bbcab8","lessThan":"a4bfb1947eda615fe0b2fc54beb6bedc03372e34","versionType":"git","status":"affected"},{"version":"7627a0edef548c4c4dea62df51cc26bfe5bbcab8","lessThan":"b3b1d3ae1d87bc9398fb715c945968bf4c75a09a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/ata/libata-core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.78","matchCriteriaId":"D1D90B78-24E3-418D-A238-3FE23C32239B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/87f0349beaacab2ac60c4a1b6dcff254cef7d5a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a4bfb1947eda615fe0b2fc54beb6bedc03372e34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b3b1d3ae1d87bc9398fb715c945968bf4c75a09a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f897b72cc74d24e7106716184f450d4045a6289b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43488","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:52.107","lastModified":"2026-06-26T19:23:22.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Prevent interrupt storm on host controller error (HCE)\n\nThe xHCI controller reports a Host Controller Error (HCE) in UAS Storage\nDevice plug/unplug scenarios on Android devices. HCE is checked in\nxhci_irq() function and causes an interrupt storm (since the interrupt\nisn’t cleared), leading to severe system-level faults.\n\nWhen the xHC controller reports HCE in the interrupt handler, the driver\nonly logs a warning and assumes xHC activity will stop as stated in xHCI\nspecification. An interrupt storm does however continue on some hosts\neven after HCE, and only ceases after manually disabling xHC interrupt\nand stopping the controller by calling xhci_halt().\n\nAdd xhci_halt() to xhci_irq() function where STS_HCE status is checked,\nmirroring the existing error handling pattern used for STS_FATAL errors.\n\nThis only fixes the interrupt storm. Proper HCE recovery requires resetting\nand re-initializing the xHC."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/usb/host/xhci-ring.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2a25e66d676dfb9b018abd503deed3d38a892dec","lessThan":"b2dd9abf8c06cfcbcf242321fd54ae51a4807705","versionType":"git","status":"affected"},{"version":"2a25e66d676dfb9b018abd503deed3d38a892dec","lessThan":"6f91f3f087194c114d6d8ea4591b850bb00672f8","versionType":"git","status":"affected"},{"version":"2a25e66d676dfb9b018abd503deed3d38a892dec","lessThan":"cd41e0d1df8fcf5eae294657da52b50d1ce03246","versionType":"git","status":"affected"},{"version":"2a25e66d676dfb9b018abd503deed3d38a892dec","lessThan":"09ff0099c6cf148ff1f7053b5b6c84beb1c2ef8d","versionType":"git","status":"affected"},{"version":"2a25e66d676dfb9b018abd503deed3d38a892dec","lessThan":"d6d5febd12452b7fd951fdd15c3ec262f01901a4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/usb/host/xhci-ring.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.19","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.19","matchCriteriaId":"D394AC60-6F28-435F-872A-CCDF384B8331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09ff0099c6cf148ff1f7053b5b6c84beb1c2ef8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f91f3f087194c114d6d8ea4591b850bb00672f8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2dd9abf8c06cfcbcf242321fd54ae51a4807705","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd41e0d1df8fcf5eae294657da52b50d1ce03246","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6d5febd12452b7fd951fdd15c3ec262f01901a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43489","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-13T16:16:52.230","lastModified":"2026-06-26T19:16:26.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nliveupdate: luo_file: remember retrieve() status\n\nLUO keeps track of successful retrieve attempts on a LUO file.  It does so\nto avoid multiple retrievals of the same file.  Multiple retrievals cause\nproblems because once the file is retrieved, the serialized data\nstructures are likely freed and the file is likely in a very different\nstate from what the code expects.\n\nThe retrieve boolean in struct luo_file keeps track of this, and is passed\nto the finish callback so it knows what work was already done and what it\nhas left to do.\n\nAll this works well when retrieve succeeds.  When it fails,\nluo_retrieve_file() returns the error immediately, without ever storing\nanywhere that a retrieve was attempted or what its error code was.  This\nresults in an errored LIVEUPDATE_SESSION_RETRIEVE_FD ioctl to userspace,\nbut nothing prevents it from trying this again.\n\nThe retry is problematic for much of the same reasons listed above.  The\nfile is likely in a very different state than what the retrieve logic\nnormally expects, and it might even have freed some serialization data\nstructures.  Attempting to access them or free them again is going to\nbreak things.\n\nFor example, if memfd managed to restore 8 of its 10 folios, but fails on\nthe 9th, a subsequent retrieve attempt will try to call\nkho_restore_folio() on the first folio again, and that will fail with a\nwarning since it is an invalid operation.\n\nApart from the retry, finish() also breaks.  Since on failure the\nretrieved bool in luo_file is never touched, the finish() call on session\nclose will tell the file handler that retrieve was never attempted, and it\nwill try to access or free the data structures that might not exist, much\nin the same way as the retry attempt.\n\nThere is no sane way of attempting the retrieve again.  Remember the error\nretrieve returned and directly return it on a retry.  Also pass this\nstatus code to finish() so it can make the right decision on the work it\nneeds to do.\n\nThis is done by changing the bool to an integer.  A value of 0 means\nretrieve was never attempted, a positive value means it succeeded, and a\nnegative value means it failed and the error code is the value."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/linux/liveupdate.h","kernel/liveupdate/luo_file.c","mm/memfd_luo.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7c722a7f44e0c1f9714084152226bc7bd644b7e3","lessThan":"1d3ad69484dc1cc53be62d2554e7ef038a627af9","versionType":"git","status":"affected"},{"version":"7c722a7f44e0c1f9714084152226bc7bd644b7e3","lessThan":"f85b1c6af5bc3872f994df0a5688c1162de07a62","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/linux/liveupdate.h","kernel/liveupdate/luo_file.c","mm/memfd_luo.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.9","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.9","matchCriteriaId":"E825E7C3-FEAC-4FD3-8A81-78D7387948C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1d3ad69484dc1cc53be62d2554e7ef038a627af9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f85b1c6af5bc3872f994df0a5688c1162de07a62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-44431","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T16:16:57.150","lastModified":"2026-06-26T12:16:32.423","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"urllib3","product":"urllib3","versions":[{"version":">= 1.23, < 2.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T16:51:26.677054Z","id":"CVE-2026-44431","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*","versionStartIncluding":"1.23","versionEndExcluding":"2.7.0","matchCriteriaId":"FEC8DBA3-7985-45C5-A453-F83EC4BD18DA"}]}]}],"references":[{"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/06/msg00040.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-44379","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T21:16:48.480","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues or unexpected behaviour in code paths that assume Collection UUIDs are valid identifiers. This vulnerability is fixed in 2.5.37."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MISP","product":"MISP","versions":[{"version":"< 2.5.37","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T12:57:25.706804Z","id":"CVE-2026-44379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.37","matchCriteriaId":"98F21394-C1D2-4D7C-A1B9-541250CACF67"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/f8b20358c3cd8fd3d784452901876f2db0acbf05","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/security/advisories/GHSA-jrvj-84mg-8f29","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44380","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T21:16:48.623","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within the same organization. Because non-site administrators were not explicitly prevented from accessing or resetting site administrator auth keys, an attacker with organization administrator privileges could potentially obtain a newly generated auth key for a higher-privileged account and use it to escalate privileges. This vulnerability is fixed in 2.5.37."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MISP","product":"MISP","versions":[{"version":"< 2.5.37","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T16:05:19.358078Z","id":"CVE-2026-44380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.37","matchCriteriaId":"98F21394-C1D2-4D7C-A1B9-541250CACF67"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/security/advisories/GHSA-3939-4g6m-m3hc","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44381","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T21:16:48.770","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request parameters and incorporated them into database query ordering clauses without sufficient validation of the requested field name. An attacker with access to the affected endpoints could craft a malicious ordering parameter to manipulate the generated SQL query. Depending on database permissions and query context, this could potentially allow unauthorized access to data, modification of query behavior, or other database-level impact. This vulnerability is fixed in 2.5.37."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MISP","product":"MISP","versions":[{"version":"< 2.5.37","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T15:51:53.243137Z","id":"CVE-2026-44381","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.37","matchCriteriaId":"98F21394-C1D2-4D7C-A1B9-541250CACF67"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/security/advisories/GHSA-4cxp-22wm-j6jr","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-43490","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-15T06:16:20.363","lastModified":"2026-06-26T19:16:00.697","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate inherited ACE SID length\n\nsmb_inherit_dacl() walks the parent directory DACL loaded from the\nsecurity descriptor xattr. It verifies that each ACE contains the fixed\nSID header before using it, but does not verify that the variable-length\nSID described by sid.num_subauth is fully contained in the ACE.\n\nA malformed inheritable ACE can advertise more subauthorities than are\npresent in the ACE. compare_sids() may then read past the ACE.\nsmb_set_ace() also clamps the copied destination SID, but used the\nunchecked source SID count to compute the inherited ACE size. That could\nadvance the temporary inherited ACE buffer pointer and nt_size accounting\npast the allocated buffer.\n\nFix this by validating the parent ACE SID count and SID length before\nusing the SID during inheritance. Compute the inherited ACE size from the\ncopied SID so the size matches the bounded destination SID. Reject the\ninherited DACL if size accumulation would overflow smb_acl.size or the\nsecurity descriptor allocation size."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/smbacl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"a7fb771314fb3a265d30f8ac245869a367ab065c","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"47c6e37a77b10e74f70d845ba4ea5d3cafa00336","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"1aa60fea7f637c071f529ad6784aecca2f2f0c5f","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"c1d95c995d5bcb24b639200a899eda59cb1e6d64","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"996454bc0da84d5a1dedb1a7861823087e01a7ae","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/smbacl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.141","matchCriteriaId":"5B5345D8-165B-45CC-868E-1056A690E18A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1aa60fea7f637c071f529ad6784aecca2f2f0c5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47c6e37a77b10e74f70d845ba4ea5d3cafa00336","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/996454bc0da84d5a1dedb1a7861823087e01a7ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a7fb771314fb3a265d30f8ac245869a367ab065c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1d95c995d5bcb24b639200a899eda59cb1e6d64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2021-47952","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-16T16:16:21.520","lastModified":"2026-06-27T05:16:40.617","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute arbitrary code."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Jsonpickle","product":"python jsonpickle","versions":[{"version":"2.0.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-18T17:00:43.878538Z","id":"CVE-2021-47952","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/jsonpickle/jsonpickle","source":"disclosure@vulncheck.com"},{"url":"https://jsonpickle.github.io","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/49585","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/python-jsonpickle-remote-code-execution-via-py-repr","source":"disclosure@vulncheck.com"},{"url":"https://access.redhat.com/security/cve/CVE-2021-47952","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2478170","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-47952.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-41947","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-18T15:16:25.827","lastModified":"2026-06-22T18:16:36.883","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"langgenius","product":"dify","defaultStatus":"affected","versions":[{"version":"0","lessThan":"1.14.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-02T13:16:35.135056Z","id":"CVE-2026-41947","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.1","matchCriteriaId":"A125CFA5-D056-4A11-8EE1-0B5FC5628CF3"}]}]}],"references":[{"url":"https://github.com/langgenius/dify/commit/55d05fe52de880cd8497df8cea052351c594fad8","source":"disclosure@vulncheck.com"},{"url":"https://github.com/langgenius/dify/pull/35793","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Mitigation","Patch"]},{"url":"https://github.com/langgenius/dify/releases/tag/1.14.2","source":"disclosure@vulncheck.com"},{"url":"https://huntr.com/bounties/a43076b2-fbc8-4750-9647-89a036b52f52","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/dify-authorization-bypass-via-trace-configuration-endpoints","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-41948","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-18T15:16:25.977","lastModified":"2026-06-22T18:16:37.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"langgenius","product":"dify","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.14.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-18T14:38:43.720028Z","id":"CVE-2026-41948","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.1","matchCriteriaId":"A125CFA5-D056-4A11-8EE1-0B5FC5628CF3"}]}]}],"references":[{"url":"https://github.com/langgenius/dify/pull/35796","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Mitigation","Patch"]},{"url":"https://huntr.com/bounties/35b7ad59-e35d-443f-bf77-387bfb932ec0","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/dify-path-traversal-via-plugin-daemon-internal-api-access","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-41949","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-18T15:16:26.137","lastModified":"2026-06-22T18:16:37.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"langgenius","product":"dify","defaultStatus":"affected","versions":[{"version":"0","lessThan":"1.14.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-19T16:21:14.373432Z","id":"CVE-2026-41949","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.1","matchCriteriaId":"A125CFA5-D056-4A11-8EE1-0B5FC5628CF3"}]}]}],"references":[{"url":"https://github.com/langgenius/dify/commit/432a6412a3fdb30ce48003d699b90cc7d890df20","source":"disclosure@vulncheck.com"},{"url":"https://github.com/langgenius/dify/pull/35797","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Mitigation","Patch"]},{"url":"https://github.com/langgenius/dify/releases/tag/1.14.2","source":"disclosure@vulncheck.com"},{"url":"https://huntr.com/bounties/d50a0240-7951-4939-b989-9bded66c7682","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-preview-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-45829","sourceIdentifier":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","published":"2026-05-18T17:16:34.040","lastModified":"2026-06-27T05:16:46.127","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint."}],"affected":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","affectedData":[{"vendor":"Chroma","product":"ChromaDB","defaultStatus":"unaffected","packageName":"chromadb","repo":"https://github.com/chroma-core/chroma","versions":[{"version":"1.0.0","lessThanOrEqual":"*","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]}]}],"metrics":{"cvssMetricV40":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-19T12:53:10.341013Z","id":"CVE-2026-45829","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/chroma-core/chroma/issues/6717","source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c"},{"url":"https://www.hiddenlayer.com/research/chromatoast-served-pre-auth","source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-45829","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479623","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45829.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://www.hiddenlayer.com/research/chromatoast-served-pre-auth","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8830","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T07:16:30.500","lastModified":"2026-06-26T08:16:25.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's parameters, such as public key algorithms, match the realm's configured WebAuthn policies. This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-19T16:31:58.175835Z","id":"CVE-2026-8830","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-603"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-8830","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479565","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8922","sourceIdentifier":"secalert@redhat.com","published":"2026-05-19T08:16:18.343","lastModified":"2026-06-26T08:16:25.797","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-19T12:53:15.432674Z","id":"CVE-2026-8922","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-303"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-8922","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479586","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2611","sourceIdentifier":"security@huntr.dev","published":"2026-05-19T10:16:22.983","lastModified":"2026-06-27T05:16:43.533","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attacker can modify the Assistant's configuration to enable full access, which in turn allows the execution of arbitrary commands via the Claude Code sub-agent. This issue is resolved in version 3.10.0."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"mlflow","product":"mlflow/mlflow","versions":[{"version":"unspecified","lessThan":"3.10.0","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-19T13:26:07.361461Z","id":"CVE-2026-2611","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Primary","description":[{"lang":"en","value":"CWE-346"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-940"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.10.0","matchCriteriaId":"4BE6B646-36C3-4BB7-8186-CC7DE96B9680"}]}]}],"references":[{"url":"https://github.com/mlflow/mlflow/commit/8f9c8a53af90842944101eb8b7d60706822c81bc","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/8462addd-b464-4a84-b6a2-5529604e6e5a","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-2611","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479797","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://huntr.com/bounties/8462addd-b464-4a84-b6a2-5529604e6e5a","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2611.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-43491","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-19T12:16:18.747","lastModified":"2026-06-26T19:14:15.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: ns: Limit the maximum server registration per node\n\nCurrent code does no bound checking on the number of servers added per\nnode. A malicious client can flood NEW_SERVER messages and exhaust memory.\n\nFix this issue by limiting the maximum number of server registrations to\n256 per node. If the NEW_SERVER message is received for an old port, then\ndon't restrict it as it will get replaced. While at it, also rate limit\nthe error messages in the failure path of qrtr_ns_worker().\n\nNote that the limit of 256 is chosen based on the current platform\nrequirements. If requirement changes in the future, this limit can be\nincreased."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/qrtr/ns.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"e6f6cd501fb54060940a6eb3f4103eeb5e426ae7","versionType":"git","status":"affected"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"3efaad55cad1ded429e3a873bfece389058a526b","versionType":"git","status":"affected"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"35fb4a0c077c5d1049c2628b769e0a1b1e65df0d","versionType":"git","status":"affected"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"868202aa2adae427060a42d5bd663b4d782ec02c","versionType":"git","status":"affected"},{"version":"0c2204a4ad710d95d348ea006f14ba926e842ffd","lessThan":"d5ee2ff98322337951c56398e79d51815acbf955","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/qrtr/ns.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.6.140","matchCriteriaId":"A990FD1C-7109-4DDB-A221-53FD00482C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/35fb4a0c077c5d1049c2628b769e0a1b1e65df0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3efaad55cad1ded429e3a873bfece389058a526b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/868202aa2adae427060a42d5bd663b4d782ec02c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5ee2ff98322337951c56398e79d51815acbf955","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e6f6cd501fb54060940a6eb3f4103eeb5e426ae7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43492","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-19T12:16:18.880","lastModified":"2026-06-26T17:30:39.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()\n\nYiming reports an integer underflow in mpi_read_raw_from_sgl() when\nsubtracting \"lzeros\" from the unsigned \"nbytes\".\n\nFor this to happen, the scatterlist \"sgl\" needs to occupy more bytes\nthan the \"nbytes\" parameter and the first \"nbytes + 1\" bytes of the\nscatterlist must be zero.  Under these conditions, the while loop\niterating over the scatterlist will count more zeroes than \"nbytes\",\nsubtract the number of zeroes from \"nbytes\" and cause the underflow.\n\nWhen commit 2d4d1eea540b (\"lib/mpi: Add mpi sgl helpers\") originally\nintroduced the bug, it couldn't be triggered because all callers of\nmpi_read_raw_from_sgl() passed a scatterlist whose length was equal to\n\"nbytes\".\n\nHowever since commit 63ba4d67594a (\"KEYS: asymmetric: Use new crypto\ninterface without scatterlists\"), the underflow can now actually be\ntriggered.  When invoking a KEYCTL_PKEY_ENCRYPT system call with a\nlarger \"out_len\" than \"in_len\" and filling the \"in\" buffer with zeroes,\ncrypto_akcipher_sync_prep() will create an all-zero scatterlist used for\nboth the \"src\" and \"dst\" member of struct akcipher_request and thereby\nfulfil the conditions to trigger the bug:\n\n  sys_keyctl()\n    keyctl_pkey_e_d_s()\n      asymmetric_key_eds_op()\n        software_key_eds_op()\n          crypto_akcipher_sync_encrypt()\n            crypto_akcipher_sync_prep()\n              crypto_akcipher_encrypt()\n                rsa_enc()\n                  mpi_read_raw_from_sgl()\n\nTo the user this will be visible as a DoS as the kernel spins forever,\ncausing soft lockup splats as a side effect.\n\nFix it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["lib/crypto/mpi/mpicoder.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"a1793a48881ec8d26e9c79b0ee65753f1c6846a4","versionType":"git","status":"affected"},{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"1abd50fc3cfa16fc2074a3c8c2729c50fd9d7043","versionType":"git","status":"affected"},{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"6d63615c796c085b4984e3031b9fa77fffb47360","versionType":"git","status":"affected"},{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"2aa77a18dc7f2670497fe3ee5acbeda0b57659e5","versionType":"git","status":"affected"},{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"26d3a97ad46c7a9226ec04d4bf35bd4998a97d16","versionType":"git","status":"affected"},{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"8637dfb4c1d8a7026ef681f2477c6de8b71c4003","versionType":"git","status":"affected"},{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"30e513e755bb381afce6fb57cdc8694136193f22","versionType":"git","status":"affected"},{"version":"2d4d1eea540b27c72488fd1914674c42473d53df","lessThan":"8c2f1288250a90a4b5cabed5d888d7e3aeed4035","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["lib/crypto/mpi/mpicoder.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.4","status":"affected"},{"version":"0","lessThan":"4.4","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"5.10.259","matchCriteriaId":"8A6221E2-0431-45D7-A907-6F4AB7029D6A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1abd50fc3cfa16fc2074a3c8c2729c50fd9d7043","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/26d3a97ad46c7a9226ec04d4bf35bd4998a97d16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2aa77a18dc7f2670497fe3ee5acbeda0b57659e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30e513e755bb381afce6fb57cdc8694136193f22","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d63615c796c085b4984e3031b9fa77fffb47360","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8637dfb4c1d8a7026ef681f2477c6de8b71c4003","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8c2f1288250a90a4b5cabed5d888d7e3aeed4035","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a1793a48881ec8d26e9c79b0ee65753f1c6846a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43493","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-19T12:16:19.020","lastModified":"2026-06-26T17:30:15.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Fix handling of MAY_BACKLOG requests\n\nMAY_BACKLOG requests can return EBUSY.  Handle them by checking\nfor that value and filtering out EINPROGRESS notifications."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["crypto/pcrypt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"ae7e95638d956d556d74b9abb9e780d3bd3dcd9e","versionType":"git","status":"affected"},{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"1d7f07df450bac3301938fbc4251f2611be4084e","versionType":"git","status":"affected"},{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"76641449b28979ebd6c02e9598367e119e385236","versionType":"git","status":"affected"},{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"9f1cbca178c03188e201ed175251372149bb25f2","versionType":"git","status":"affected"},{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"eb34e243df57e32f4c08fa191f3602ea19076276","versionType":"git","status":"affected"},{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"77d55bc8675ee851ed639dc9be77325a8024cf67","versionType":"git","status":"affected"},{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"46271895ddfb1ba41f89f7e0dffbe9c2bcf7380a","versionType":"git","status":"affected"},{"version":"5a1436beec5744029f3ac90b6fe71a698dcd6155","lessThan":"915b692e6cb723aac658c25eb82c58fd81235110","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["crypto/pcrypt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.10.258","matchCriteriaId":"B07D4ABF-AED6-4ADB-A7DE-7A990429D41B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1d7f07df450bac3301938fbc4251f2611be4084e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/46271895ddfb1ba41f89f7e0dffbe9c2bcf7380a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76641449b28979ebd6c02e9598367e119e385236","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/77d55bc8675ee851ed639dc9be77325a8024cf67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/915b692e6cb723aac658c25eb82c58fd81235110","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9f1cbca178c03188e201ed175251372149bb25f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae7e95638d956d556d74b9abb9e780d3bd3dcd9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb34e243df57e32f4c08fa191f3602ea19076276","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-47323","sourceIdentifier":"security@apache.org","published":"2026-05-19T14:16:48.653","lastModified":"2026-06-27T05:16:46.320","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering\n\nThe CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while not configuring inbound filtering via setInFilterStartsWith. As a result, an unauthenticated attacker can inject Camel-internal headers (e.g. CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. When a route forwards messages from these endpoints to header-driven components such as camel-exec or camel-file, the injected headers override configured values, enabling remote code execution or arbitrary file writes. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177), the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891), and non-HTTP strategies (CVE-2026-40453).\n\n\nThis issue affects Apache Camel: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2.\n\nUsers are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-cxf-rest","versions":[{"version":"3.18.0","lessThan":"4.14.6","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.2","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel for Spring Boot 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:camel_spring_boot:4"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-19T00:00:00+00:00","id":"CVE-2026-47323","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Primary","description":[{"lang":"en","value":"CWE-178"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-791"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.0","versionEndExcluding":"4.14.6","matchCriteriaId":"25B8B88F-A725-4DCF-9B02-B78046B63294"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.2","matchCriteriaId":"806A2561-97E3-42A3-931D-A9040BB96CE5"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-47323.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-47323","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479869","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47323.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-6555","sourceIdentifier":"security@wordfence.com","published":"2026-05-20T02:16:38.930","lastModified":"2026-06-23T02:16:34.527","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and uploaded to a web-accessible directory. This makes it possible for unauthenticated attackers to upload malicious PHP files and achieve remote code execution by sending a valid first file followed by a malicious file."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"prosolution","product":"ProSolution WP Client","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-20T13:15:31.571596Z","id":"CVE-2026-6555","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/includes/UploadHandler.php#L1345","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/includes/UploadHandler.php#L384","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/public/class-prosolwpclient-public.php#L1072","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/tags/2.0.0/public/class-prosolwpclient-public.php#L998","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/includes/UploadHandler.php#L1345","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/includes/UploadHandler.php#L384","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/public/class-prosolwpclient-public.php#L1072","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/prosolution-wp-client/trunk/public/class-prosolwpclient-public.php#L998","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3535622/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0b870d35-7e10-4fb5-8c3b-2bf299d1f3d5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9087","sourceIdentifier":"secalert@redhat.com","published":"2026-05-20T17:16:32.207","lastModified":"2026-06-26T08:16:26.253","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId,\nidpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-21T14:01:27.979329Z","id":"CVE-2026-9087","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9087","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480172","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9136","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-20T20:16:46.013","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update an existing record, an authenticated user able to submit shadow attribute proposals could provide the identifier of an existing ShadowAttribute and cause that record to be updated instead of creating a new proposal.\n\n\n\n\nThis can result in unauthorized modification of existing shadow attributes, potentially affecting proposals associated with events the user should not be able to alter. Depending on deployment configuration and accessible API responses, the issue may also expose or move proposal data across event contexts.\n\n\n\n\nThe vulnerability is caused by trusting a client-supplied primary key during object creation. The fix removes the id field from incoming ShadowAttribute data before processing, ensuring that the endpoint always creates a new proposal rather than updating an existing one. This has been fixed in MISP 2.5.38."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"2.5.0","lessThanOrEqual":"2.5.37","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-20T19:27:15.698321Z","id":"CVE-2026-9136","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.38","matchCriteriaId":"D74FD844-F731-40CA-961A-4D6CE7B6E1E3"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/49911b1d4b6e4517d803e50e3d980aaa4d37c16d","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-9137","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-20T20:16:46.177","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"2.5.0","lessThanOrEqual":"2.5.37","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-20T19:26:27.850035Z","id":"CVE-2026-9137","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.38","matchCriteriaId":"D74FD844-F731-40CA-961A-4D6CE7B6E1E3"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/02932cccab230b295afcaf5aa05e363d30db0ec9","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-9149","sourceIdentifier":"secalert@redhat.com","published":"2026-05-21T00:16:35.630","lastModified":"2026-06-27T00:16:49.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS)."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:0.7.33-5.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"libsolv-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"0.7.38-2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite-capsule:el8/libsolv","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 4 for Cloud Providers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/a:redhat:rhui:4::el8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-21T12:22:28.191967Z","id":"CVE-2026-9149","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensuse:libsolv:*:*:*:*:*:*:*:*","versionEndIncluding":"0.7.36","matchCriteriaId":"C5E77B8B-49EC-4357-9246-3B07632AFF19"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","matchCriteriaId":"848C92A9-0677-442B-8D52-A448F2019903"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*","matchCriteriaId":"E8D92E10-0E79-479F-A963-5657D1BC4E03"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:21333","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28236","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9149","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460380","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/openSUSE/libsolv/pull/617","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/openSUSE/libsolv/pull/617","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2026-43495","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-21T13:16:18.847","lastModified":"2026-06-26T17:29:15.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler\n\nt7xx_port_enum_msg_handler() uses the modem-supplied port_count field as\na loop bound over port_msg->data[] without checking that the message buffer\ncontains sufficient data. A modem sending port_count=65535 in a 12-byte\nbuffer triggers a slab-out-of-bounds read of up to 262140 bytes.\n\nAdd a sizeof(*port_msg) check before accessing the port message header\nfields to guard against undersized messages.\n\nAdd a struct_size() check after extracting port_count and before the loop.\n\nIn t7xx_parse_host_rt_data(), guard the rt_feature header read with a\nremaining-buffer check before accessing data_len, validate feat_data_len\nagainst the actual remaining buffer to prevent OOB reads and signed\ninteger overflow on offset.\n\nPass msg_len from both call sites: skb->len at the DPMAIF path after\nskb_pull(), and the validated feat_data_len at the handshake path."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wwan/t7xx/t7xx_modem_ops.c","drivers/net/wwan/t7xx/t7xx_port_ctrl_msg.c","drivers/net/wwan/t7xx/t7xx_port_proxy.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"da45d2566a1d4e260b894ff5d96be64b21c7fa79","lessThan":"307c5d0f36a5c74042217136da5bfbd9f7504650","versionType":"git","status":"affected"},{"version":"da45d2566a1d4e260b894ff5d96be64b21c7fa79","lessThan":"f94450ce5053b36002995b72d1fa1db3bb08c5bf","versionType":"git","status":"affected"},{"version":"da45d2566a1d4e260b894ff5d96be64b21c7fa79","lessThan":"9855e063e063158cc5bded576382599dc3133202","versionType":"git","status":"affected"},{"version":"da45d2566a1d4e260b894ff5d96be64b21c7fa79","lessThan":"2b56d7903ab804481f5233a259d5f341e9fd513c","versionType":"git","status":"affected"},{"version":"da45d2566a1d4e260b894ff5d96be64b21c7fa79","lessThan":"dd4f4c93c1488d7100b9964f2da4c8b3c29652f1","versionType":"git","status":"affected"},{"version":"da45d2566a1d4e260b894ff5d96be64b21c7fa79","lessThan":"0e7c074cfcd9bd93765505f9eb8b42f03ed2a744","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wwan/t7xx/t7xx_modem_ops.c","drivers/net/wwan/t7xx/t7xx_port_ctrl_msg.c","drivers/net/wwan/t7xx/t7xx_port_proxy.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.176","matchCriteriaId":"190567C3-238F-444D-89B9-23420EE1EFFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e7c074cfcd9bd93765505f9eb8b42f03ed2a744","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2b56d7903ab804481f5233a259d5f341e9fd513c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/307c5d0f36a5c74042217136da5bfbd9f7504650","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9855e063e063158cc5bded576382599dc3133202","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd4f4c93c1488d7100b9964f2da4c8b3c29652f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f94450ce5053b36002995b72d1fa1db3bb08c5bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}},{"cve":{"id":"CVE-2026-43496","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-21T13:16:18.960","lastModified":"2026-06-26T17:29:09.027","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked\n\nWhen red qdisc has children (eg qfq qdisc) whose peek() callback is\nqdisc_peek_dequeued(), we could get a kernel panic. When the parent of such\nqdiscs (eg illustrated in patch #3 as tbf) wants to retrieve an skb from\nits child (red in this case), it will do the following:\n 1a. do a peek() - and when sensing there's an skb the child can offer, then\n     - the child in this case(red) calls its child's (qfq) peek.\n        qfq does the right thing and will return the gso_skb queue packet.\n        Note: if there wasnt a gso_skb entry then qfq will store it there.\n 1b. invoke a dequeue() on the child (red). And herein lies the problem.\n     - red will call the child's dequeue() which will essentially just\n       try to grab something of qfq's queue.\n\n[   78.667668][  T363] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]\n[   78.667927][  T363] CPU: 1 UID: 0 PID: 363 Comm: ping Not tainted 7.1.0-rc1-00033-g46f74a3f7d57-dirty #790 PREEMPT(full)\n[   78.668263][  T363] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[   78.668486][  T363] RIP: 0010:qfq_dequeue+0x446/0xc90 [sch_qfq]\n[   78.668718][  T363] Code: 54 c0 e8 dd 90 00 f1 48 c7 c7 e0 03 54 c0 48 89 de e8 ce 90 00 f1 48 8d 7b 48 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 <80> 3c 02 00 74 05 e8 ef a1 e1 f1 48 8b 7b 48 48 8d 54 24 58 48 8d\n[   78.669312][  T363] RSP: 0018:ffff88810de573e0 EFLAGS: 00010216\n[   78.669533][  T363] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[   78.669790][  T363] RDX: 0000000000000009 RSI: 0000000000000004 RDI: 0000000000000048\n[   78.670044][  T363] RBP: ffff888110dc4000 R08: ffffffffb1b0885a R09: fffffbfff6ba9078\n[   78.670297][  T363] R10: 0000000000000003 R11: ffff888110e31c80 R12: 0000001880000000\n[   78.670560][  T363] R13: ffff888110dc4150 R14: ffff888110dc42b8 R15: 0000000000000200\n[   78.670814][  T363] FS:  00007f66a8f09c40(0000) GS:ffff888163428000(0000) knlGS:0000000000000000\n[   78.671110][  T363] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   78.671324][  T363] CR2: 000055db4c6a30a8 CR3: 000000010da67000 CR4: 0000000000750ef0\n[   78.671585][  T363] PKRU: 55555554\n[   78.671713][  T363] Call Trace:\n[   78.671843][  T363]  <TASK>\n[   78.671936][  T363]  ? __pfx_qfq_dequeue+0x10/0x10 [sch_qfq]\n[   78.672148][  T363]  ? __pfx__printk+0x10/0x10\n[   78.672322][  T363]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   78.672496][  T363]  ? lockdep_hardirqs_on_prepare+0xa8/0x1a0\n[   78.672706][  T363]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   78.672875][  T363]  ? trace_hardirqs_on+0x19/0x1a0\n[   78.673047][  T363]  red_dequeue+0x65/0x270 [sch_red]\n[   78.673217][  T363]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   78.673385][  T363]  tbf_dequeue.cold+0xb0/0x70c [sch_tbf]\n[   78.673566][  T363]  __qdisc_run+0x169/0x1900\n\nThe right thing to do in #1b is to grab the skb off gso_skb queue.\nThis patchset fixes that issue by changing #1b to use qdisc_dequeue_peeked()\nmethod instead."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sched/sch_red.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"03b0aaeba082ae981a0dfe96cdd03d02050537a1","versionType":"git","status":"affected"},{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"c7335f4dc0fa21f7015b910c6fc2f4d599732328","versionType":"git","status":"affected"},{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"45cd83c5c470ba49fe261489c8358ad7b9df7c45","versionType":"git","status":"affected"},{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"36aa34f42cb6842cf371f3a2d3e855d24fd57a50","versionType":"git","status":"affected"},{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"ce051eede433f876d322ac3550a36a3c6fc4c231","versionType":"git","status":"affected"},{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"8d09618840b99ef00154d3e731ce9b11e096196d","versionType":"git","status":"affected"},{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"587dcf970a525f543d8b5855d9f37a4ca97b76ef","versionType":"git","status":"affected"},{"version":"77be155cba4e163e8bba9fd27222a8b6189ec4f7","lessThan":"458d5615272d3de535748342eb68ca492343048c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sched/sch_red.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.29","status":"affected"},{"version":"0","lessThan":"2.6.29","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.29","versionEndExcluding":"5.10.258","matchCriteriaId":"CE62A641-B2AF-4077-9B44-DCE56A381D1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03b0aaeba082ae981a0dfe96cdd03d02050537a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36aa34f42cb6842cf371f3a2d3e855d24fd57a50","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/458d5615272d3de535748342eb68ca492343048c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45cd83c5c470ba49fe261489c8358ad7b9df7c45","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/587dcf970a525f543d8b5855d9f37a4ca97b76ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d09618840b99ef00154d3e731ce9b11e096196d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c7335f4dc0fa21f7015b910c6fc2f4d599732328","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce051eede433f876d322ac3550a36a3c6fc4c231","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43497","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-21T13:16:19.090","lastModified":"2026-06-26T17:29:05.343","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free\n\ndlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebuffer pages\nto userspace but sets no vm_ops on the VMA. This means the kernel cannot\ntrack active mmaps. When dlfb_realloc_framebuffer() replaces the backing\nbuffer via FBIOPUT_VSCREENINFO, existing mmap PTEs are not invalidated.\nOn USB disconnect, dlfb_ops_destroy() calls vfree() on the old pages\nwhile userspace PTEs still reference them, resulting in a use-after-free:\nthe process retains read/write access to freed kernel pages.\n\nAdd vm_operations_struct with open/close callbacks that maintain an\natomic mmap_count on struct dlfb_data. In dlfb_realloc_framebuffer(),\ncheck mmap_count and return -EBUSY if the buffer is currently mapped,\npreventing buffer replacement while userspace holds stale PTEs.\n\nTested with PoC using dummy_hcd + raw_gadget USB device emulation."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/video/fbdev/udlfb.c","include/video/udlfb.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"60f711cfd580f86fea8284146ac133804e728f9a","versionType":"git","status":"affected"},{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"5931f5651ee32bd41b3323256b31fcc8e71336ed","versionType":"git","status":"affected"},{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"e3d9865dacd7435b8465848428210d0f0c673311","versionType":"git","status":"affected"},{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"4f312c30f0368e8d2a76aa650dff73f23490b5e7","versionType":"git","status":"affected"},{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"18dd358de72d57993422cbb5dfb29ccd74efe192","versionType":"git","status":"affected"},{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"da9b065cedfd3b574f229d5be594e6aa47a27ae6","versionType":"git","status":"affected"},{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"a2c53a3822ee26e8d758071815b9ed3bf6669fc1","versionType":"git","status":"affected"},{"version":"7433914efd584b22bb49d3e1eee001f5d0525ecd","lessThan":"8de779dc40d35d39fa07387b6f921eb11df0f511","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/video/fbdev/udlfb.c","include/video/udlfb.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.258","matchCriteriaId":"80C72BB7-F8C5-4503-80AB-CDC8ED7CBECF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18dd358de72d57993422cbb5dfb29ccd74efe192","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4f312c30f0368e8d2a76aa650dff73f23490b5e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5931f5651ee32bd41b3323256b31fcc8e71336ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/60f711cfd580f86fea8284146ac133804e728f9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8de779dc40d35d39fa07387b6f921eb11df0f511","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2c53a3822ee26e8d758071815b9ed3bf6669fc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/da9b065cedfd3b574f229d5be594e6aa47a27ae6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3d9865dacd7435b8465848428210d0f0c673311","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43498","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-21T13:16:19.200","lastModified":"2026-06-26T17:29:01.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Disallow re-exporting imported GEM objects\n\nPrevent re-exporting of imported GEM buffers by adding a custom\nprime_handle_to_fd callback that checks if the object is imported\nand returns -EOPNOTSUPP if so.\n\nRe-exporting imported GEM buffers causes loss of buffer flags settings,\nleading to incorrect device access and data corruption."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/accel/ivpu/ivpu_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"57557964b582238d5ee4b8538d1c4694f91c2186","lessThan":"3756043dd695bba34cc728cdc5688dcb49ac8043","versionType":"git","status":"affected"},{"version":"57557964b582238d5ee4b8538d1c4694f91c2186","lessThan":"7dd57d7a6350770dfc283287125c409e995200e0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/accel/ivpu/ivpu_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3756043dd695bba34cc728cdc5688dcb49ac8043","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7dd57d7a6350770dfc283287125c409e995200e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-43502","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-21T13:16:19.520","lastModified":"2026-06-26T17:28:25.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: handle zerocopy send cleanup before the message is queued\n\nA zerocopy send can fail after user pages have been pinned but before\nthe message is attached to the sending socket.\n\nThe purge path currently infers zerocopy state from rm->m_rs, so an\nunqueued message can be cleaned up as if it owned normal payload pages.\nHowever, zerocopy ownership is really determined by the presence of\nop_mmp_znotifier, regardless of whether the message has reached the\nsocket queue.\n\nCapture op_mmp_znotifier up front in rds_message_purge() and use it as\nthe cleanup discriminator. If the message is already associated with a\nsocket, keep the existing completion path. Otherwise, drop the pinned\npage accounting directly and release the notifier before putting the\npayload pages.\n\nThis keeps early send failure cleanup consistent with the zerocopy\nlifetime rules without changing the normal queued completion path."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/rds/message.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"e9aefdc5c53fe9aed108c14e3d155710a1bb14c9","versionType":"git","status":"affected"},{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"46662f7dc59475995609bf3e9d27eb36f4acf26f","versionType":"git","status":"affected"},{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"1e262db7675e27f42c3f3f47d6011855f4454f24","versionType":"git","status":"affected"},{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"21d70744e6d3bbf9293aa1ee6fba7c53ad75275e","versionType":"git","status":"affected"},{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"3abc8983b2bae3f487f77d9da5527d7d6b210d46","versionType":"git","status":"affected"},{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"14ef6fd18db2494098b21e0471bf27a1d8e9993e","versionType":"git","status":"affected"},{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"0f5c185fc79a59ee9991234dd6d2a3e5afa6e75b","versionType":"git","status":"affected"},{"version":"0cebaccef3acbdfbc2d85880a2efb765d2f4e2e3","lessThan":"44b550d88b267320459d518c0743a241ab2108fa","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/rds/message.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.10.258","matchCriteriaId":"CF9EFBB4-E004-479B-A237-DECC87FD4D0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f5c185fc79a59ee9991234dd6d2a3e5afa6e75b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/14ef6fd18db2494098b21e0471bf27a1d8e9993e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e262db7675e27f42c3f3f47d6011855f4454f24","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/21d70744e6d3bbf9293aa1ee6fba7c53ad75275e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3abc8983b2bae3f487f77d9da5527d7d6b210d46","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/44b550d88b267320459d518c0743a241ab2108fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/46662f7dc59475995609bf3e9d27eb36f4acf26f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9aefdc5c53fe9aed108c14e3d155710a1bb14c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-33000","sourceIdentifier":"support@hackerone.com","published":"2026-05-22T02:16:33.933","lastModified":"2026-06-24T15:10:34.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi OS Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.0.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-22T00:00:00+00:00","id":"CVE-2026-33000","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"660F20FA-9862-4FE1-8C27-0AEAEE2F2A69"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34908","sourceIdentifier":"support@hackerone.com","published":"2026-05-22T02:16:34.240","lastModified":"2026-06-24T14:50:41.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi OS Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-SE","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Beast","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.11","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"EFG","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDW","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR-5G","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"Express 7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Instant","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR-Core","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-8","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCKP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK-Enterprise","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Ultra","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Fiber","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Industrial","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-22T00:00:00+00:00","id":"CVE-2026-34908","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-06-23","cisaActionDue":"2026-06-26","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Ubiquiti UniFi OS Improper Access Control Vulnerability","weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"660F20FA-9862-4FE1-8C27-0AEAEE2F2A69"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"37D51815-9B4B-4753-9907-141E183A29AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_industrial:-:*:*:*:*:*:*:*","matchCriteriaId":"ABDECBF6-CB92-4AF6-A3AB-D4AA4635B688"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4C302996-B127-48DD-9652-44C120351EE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine:-:*:*:*:*:*:*:*","matchCriteriaId":"33E04DDA-88A0-47C1-8AE2-2F59B1A08BAF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"B6C4EB63-3ED5-4A5E-9C70-446159333C34"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"B493983E-8632-4492-9B0A-E8E11E0E0BB2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_special_edition_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"FFDF1A5E-2127-4F22-88FE-72185E1D102D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_special_edition:-:*:*:*:*:*:*:*","matchCriteriaId":"DEF52155-86F1-458A-8B7E-355B67C5C819"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"131427ED-219F-44D7-AF4C-1EE2EBF0C0FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro_max:-:*:*:*:*:*:*:*","matchCriteriaId":"60808A48-C41A-448F-97C4-B1CD8DCCB4DA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CDD13CAB-C444-43CF-8E56-D3B3EF5208FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_fortress_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"8C87C188-7982-4DFF-98F1-58511360F3E3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_wall_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4991C6F7-E443-4CA3-8EA5-C71D1252B300"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_wall:-:*:*:*:*:*:*:*","matchCriteriaId":"A9B6514E-2878-4AEE-BF1E-08B804C069FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8D73F0DB-0E95-44B0-9CC0-BFEBB0582ECC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FF6A5E-A223-4F57-9FFD-F2AE473B3627"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"9BAF5DAD-7403-4811-B2F3-490F72CB5C0D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_7:-:*:*:*:*:*:*:*","matchCriteriaId":"A41E5541-FC13-430C-BDCA-CC677B372D7F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_express_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"56E176C6-07DB-4E14-B41C-4AC34CAAC1B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_express_7:-:*:*:*:*:*:*:*","matchCriteriaId":"5CD0201D-D5C9-4CE7-A302-467F602D73D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"7EC49DF3-4CB0-491E-A4E9-46EE6C2CDD3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"A5D7AF0C-CF50-485D-8471-9AB1AA6471CA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"D83F4DFB-C975-4E3C-A045-AAE24EB7C54F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"87FB08DA-35EA-4C27-AA5F-2B7AE25D58FA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_instant_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E78B7448-6777-4488-BDA9-C0514FC7BB6B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_instant:-:*:*:*:*:*:*:*","matchCriteriaId":"FC8EB74F-F32A-4A5E-B613-58F2F7BC24CB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFB1B14-CFB2-45D3-AA35-FBA93A4D5606"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"348BBC75-CA5B-4B38-A2CF-28313B7168F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CA783309-29D0-40C6-9B4A-D961A486CBCC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_ultra:-:*:*:*:*:*:*:*","matchCriteriaId":"2C468BFA-A87B-4A3F-B12C-B3BCE225167C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"20690D42-B607-4E40-8D87-B8715838BD1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_max:-:*:*:*:*:*:*:*","matchCriteriaId":"022225AB-7AF9-4F7A-97A2-CD8700DEA087"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"0C1DF011-B148-4706-90D9-55DB0FD9A3E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_fiber:-:*:*:*:*:*:*:*","matchCriteriaId":"01C00466-E414-4DF7-8752-93D3D77C5104"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_5g_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8F12DAB1-E58E-4044-A799-792A3DD59642"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_5g_max:-:*:*:*:*:*:*:*","matchCriteriaId":"EA957B87-E4D2-4B7C-AC27-200BFC44477E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"47600BC6-7DDF-4ABA-A0C6-1E3C6C4E67B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder_core:-:*:*:*:*:*:*:*","matchCriteriaId":"BD22580F-1E63-48F0-BE9C-1EA9328DD539"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"29802116-2569-4863-B830-AF6C054BCDE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_key_plus:-:*:*:*:*:*:*:*","matchCriteriaId":"4C4ED829-08E6-4330-B105-DC01A3159C90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"638BF6B4-4DBF-43C7-A355-3FE897029F2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey:-:*:*:*:*:*:*:*","matchCriteriaId":"A484BC77-24D3-423F-AC16-3341C3396BA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E132D457-330E-43DF-BC6D-956A9C65E9C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey_enterprise:-:*:*:*:*:*:*:*","matchCriteriaId":"DDD7812E-3548-4B2C-9416-DEE0985AB07C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFBED72-FDF6-4487-B6FA-AEF0BBA7BF07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FF59AE-F5F6-4539-97EC-5157F67FD055"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"1B19E2F5-A96A-45E5-B625-435C5951BEB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"29A3E3E6-68EF-43E6-9AB3-AD52FCADE57F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.11","matchCriteriaId":"5C1D3765-2301-4C60-BC5E-865650E214E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_beast:-:*:*:*:*:*:*:*","matchCriteriaId":"82A0A6D7-4361-49AD-87E3-3FB32A958C4E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"16AF18D8-1301-4B8D-AD23-5EF5BB2182AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_2:-:*:*:*:*:*:*:*","matchCriteriaId":"5FC98765-1006-49C1-9464-92428738170A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"522AF8E6-5095-42D0-AAC5-38DBC76536F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_4:-:*:*:*:*:*:*:*","matchCriteriaId":"A68133D0-7571-4E6C-A5F5-AAD2DFE91B80"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"3ACD7950-1346-460C-9B07-6A57103E1298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"DF0AD026-E7CD-4783-8B5B-BF50CFEF8F37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"0B75FAFD-6176-4B36-85B9-9D9FB314FCF0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_4:-:*:*:*:*:*:*:*","matchCriteriaId":"6A57444B-B60E-4AE0-A198-C85546D94126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_8_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"DA7EECEA-6628-4CD7-A336-78D8AEBD049A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_8:-:*:*:*:*:*:*:*","matchCriteriaId":"63EC6593-E65D-4287-BB47-0EC53BCA7BAB"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-34909","sourceIdentifier":"support@hackerone.com","published":"2026-05-22T02:16:34.390","lastModified":"2026-06-24T14:49:53.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi OS Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"Express","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.0.14","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-SE","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Beast","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.11","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"EFG","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDW","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR-5G","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"Express 7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Instant","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR-Core","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-8","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCKP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK-Enterprise","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Ultra","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Fiber","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Industrial","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-34909","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-06-23","cisaActionDue":"2026-06-26","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Ubiquiti UniFi OS Path Traversal Vulnerability","weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"660F20FA-9862-4FE1-8C27-0AEAEE2F2A69"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"37D51815-9B4B-4753-9907-141E183A29AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_industrial:-:*:*:*:*:*:*:*","matchCriteriaId":"ABDECBF6-CB92-4AF6-A3AB-D4AA4635B688"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4C302996-B127-48DD-9652-44C120351EE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine:-:*:*:*:*:*:*:*","matchCriteriaId":"33E04DDA-88A0-47C1-8AE2-2F59B1A08BAF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"B6C4EB63-3ED5-4A5E-9C70-446159333C34"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"B493983E-8632-4492-9B0A-E8E11E0E0BB2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_special_edition_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"FFDF1A5E-2127-4F22-88FE-72185E1D102D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_special_edition:-:*:*:*:*:*:*:*","matchCriteriaId":"DEF52155-86F1-458A-8B7E-355B67C5C819"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"131427ED-219F-44D7-AF4C-1EE2EBF0C0FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro_max:-:*:*:*:*:*:*:*","matchCriteriaId":"60808A48-C41A-448F-97C4-B1CD8DCCB4DA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CDD13CAB-C444-43CF-8E56-D3B3EF5208FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_fortress_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"8C87C188-7982-4DFF-98F1-58511360F3E3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_wall_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4991C6F7-E443-4CA3-8EA5-C71D1252B300"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_wall:-:*:*:*:*:*:*:*","matchCriteriaId":"A9B6514E-2878-4AEE-BF1E-08B804C069FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8D73F0DB-0E95-44B0-9CC0-BFEBB0582ECC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FF6A5E-A223-4F57-9FFD-F2AE473B3627"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"9BAF5DAD-7403-4811-B2F3-490F72CB5C0D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_7:-:*:*:*:*:*:*:*","matchCriteriaId":"A41E5541-FC13-430C-BDCA-CC677B372D7F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_express_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"56E176C6-07DB-4E14-B41C-4AC34CAAC1B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_express_7:-:*:*:*:*:*:*:*","matchCriteriaId":"5CD0201D-D5C9-4CE7-A302-467F602D73D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"7EC49DF3-4CB0-491E-A4E9-46EE6C2CDD3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"A5D7AF0C-CF50-485D-8471-9AB1AA6471CA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"D83F4DFB-C975-4E3C-A045-AAE24EB7C54F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"87FB08DA-35EA-4C27-AA5F-2B7AE25D58FA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_instant_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E78B7448-6777-4488-BDA9-C0514FC7BB6B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_instant:-:*:*:*:*:*:*:*","matchCriteriaId":"FC8EB74F-F32A-4A5E-B613-58F2F7BC24CB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFB1B14-CFB2-45D3-AA35-FBA93A4D5606"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"348BBC75-CA5B-4B38-A2CF-28313B7168F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CA783309-29D0-40C6-9B4A-D961A486CBCC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_ultra:-:*:*:*:*:*:*:*","matchCriteriaId":"2C468BFA-A87B-4A3F-B12C-B3BCE225167C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"20690D42-B607-4E40-8D87-B8715838BD1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_max:-:*:*:*:*:*:*:*","matchCriteriaId":"022225AB-7AF9-4F7A-97A2-CD8700DEA087"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"0C1DF011-B148-4706-90D9-55DB0FD9A3E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_fiber:-:*:*:*:*:*:*:*","matchCriteriaId":"01C00466-E414-4DF7-8752-93D3D77C5104"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_5g_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8F12DAB1-E58E-4044-A799-792A3DD59642"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_5g_max:-:*:*:*:*:*:*:*","matchCriteriaId":"EA957B87-E4D2-4B7C-AC27-200BFC44477E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"47600BC6-7DDF-4ABA-A0C6-1E3C6C4E67B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder_core:-:*:*:*:*:*:*:*","matchCriteriaId":"BD22580F-1E63-48F0-BE9C-1EA9328DD539"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"29802116-2569-4863-B830-AF6C054BCDE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_key_plus:-:*:*:*:*:*:*:*","matchCriteriaId":"4C4ED829-08E6-4330-B105-DC01A3159C90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"638BF6B4-4DBF-43C7-A355-3FE897029F2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey:-:*:*:*:*:*:*:*","matchCriteriaId":"A484BC77-24D3-423F-AC16-3341C3396BA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E132D457-330E-43DF-BC6D-956A9C65E9C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey_enterprise:-:*:*:*:*:*:*:*","matchCriteriaId":"DDD7812E-3548-4B2C-9416-DEE0985AB07C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFBED72-FDF6-4487-B6FA-AEF0BBA7BF07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FF59AE-F5F6-4539-97EC-5157F67FD055"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"1B19E2F5-A96A-45E5-B625-435C5951BEB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"29A3E3E6-68EF-43E6-9AB3-AD52FCADE57F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.11","matchCriteriaId":"5C1D3765-2301-4C60-BC5E-865650E214E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_beast:-:*:*:*:*:*:*:*","matchCriteriaId":"82A0A6D7-4361-49AD-87E3-3FB32A958C4E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"16AF18D8-1301-4B8D-AD23-5EF5BB2182AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_2:-:*:*:*:*:*:*:*","matchCriteriaId":"5FC98765-1006-49C1-9464-92428738170A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"522AF8E6-5095-42D0-AAC5-38DBC76536F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_4:-:*:*:*:*:*:*:*","matchCriteriaId":"A68133D0-7571-4E6C-A5F5-AAD2DFE91B80"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"3ACD7950-1346-460C-9B07-6A57103E1298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"DF0AD026-E7CD-4783-8B5B-BF50CFEF8F37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"0B75FAFD-6176-4B36-85B9-9D9FB314FCF0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_4:-:*:*:*:*:*:*:*","matchCriteriaId":"6A57444B-B60E-4AE0-A198-C85546D94126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_8_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"DA7EECEA-6628-4CD7-A336-78D8AEBD049A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_8:-:*:*:*:*:*:*:*","matchCriteriaId":"63EC6593-E65D-4287-BB47-0EC53BCA7BAB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_express_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.14","matchCriteriaId":"5C77E9DE-FA81-4097-B24A-CA2C76C8B129"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_express:-:*:*:*:*:*:*:*","matchCriteriaId":"E793FAA6-55B5-4C10-84EA-0A3EFDAEF5E2"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-34910","sourceIdentifier":"support@hackerone.com","published":"2026-05-22T02:16:34.527","lastModified":"2026-06-24T14:49:47.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi OS Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-SE","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Beast","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.11","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"EFG","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDW","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR-5G","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"Express 7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Instant","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR-Core","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-8","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCKP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK-Enterprise","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Ultra","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Fiber","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Industrial","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-22T00:00:00+00:00","id":"CVE-2026-34910","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-06-23","cisaActionDue":"2026-06-26","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Ubiquiti UniFi OS Improper Input Validation Vulnerability","weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"660F20FA-9862-4FE1-8C27-0AEAEE2F2A69"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"37D51815-9B4B-4753-9907-141E183A29AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_industrial:-:*:*:*:*:*:*:*","matchCriteriaId":"ABDECBF6-CB92-4AF6-A3AB-D4AA4635B688"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4C302996-B127-48DD-9652-44C120351EE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine:-:*:*:*:*:*:*:*","matchCriteriaId":"33E04DDA-88A0-47C1-8AE2-2F59B1A08BAF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"B6C4EB63-3ED5-4A5E-9C70-446159333C34"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"B493983E-8632-4492-9B0A-E8E11E0E0BB2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_special_edition_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"FFDF1A5E-2127-4F22-88FE-72185E1D102D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_special_edition:-:*:*:*:*:*:*:*","matchCriteriaId":"DEF52155-86F1-458A-8B7E-355B67C5C819"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"131427ED-219F-44D7-AF4C-1EE2EBF0C0FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro_max:-:*:*:*:*:*:*:*","matchCriteriaId":"60808A48-C41A-448F-97C4-B1CD8DCCB4DA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CDD13CAB-C444-43CF-8E56-D3B3EF5208FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_fortress_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"8C87C188-7982-4DFF-98F1-58511360F3E3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_wall_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4991C6F7-E443-4CA3-8EA5-C71D1252B300"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_wall:-:*:*:*:*:*:*:*","matchCriteriaId":"A9B6514E-2878-4AEE-BF1E-08B804C069FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8D73F0DB-0E95-44B0-9CC0-BFEBB0582ECC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FF6A5E-A223-4F57-9FFD-F2AE473B3627"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"9BAF5DAD-7403-4811-B2F3-490F72CB5C0D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_7:-:*:*:*:*:*:*:*","matchCriteriaId":"A41E5541-FC13-430C-BDCA-CC677B372D7F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_express_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"56E176C6-07DB-4E14-B41C-4AC34CAAC1B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_express_7:-:*:*:*:*:*:*:*","matchCriteriaId":"5CD0201D-D5C9-4CE7-A302-467F602D73D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"7EC49DF3-4CB0-491E-A4E9-46EE6C2CDD3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"A5D7AF0C-CF50-485D-8471-9AB1AA6471CA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"D83F4DFB-C975-4E3C-A045-AAE24EB7C54F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"87FB08DA-35EA-4C27-AA5F-2B7AE25D58FA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_instant_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E78B7448-6777-4488-BDA9-C0514FC7BB6B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_instant:-:*:*:*:*:*:*:*","matchCriteriaId":"FC8EB74F-F32A-4A5E-B613-58F2F7BC24CB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFB1B14-CFB2-45D3-AA35-FBA93A4D5606"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"348BBC75-CA5B-4B38-A2CF-28313B7168F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CA783309-29D0-40C6-9B4A-D961A486CBCC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_ultra:-:*:*:*:*:*:*:*","matchCriteriaId":"2C468BFA-A87B-4A3F-B12C-B3BCE225167C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"20690D42-B607-4E40-8D87-B8715838BD1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_max:-:*:*:*:*:*:*:*","matchCriteriaId":"022225AB-7AF9-4F7A-97A2-CD8700DEA087"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"0C1DF011-B148-4706-90D9-55DB0FD9A3E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_fiber:-:*:*:*:*:*:*:*","matchCriteriaId":"01C00466-E414-4DF7-8752-93D3D77C5104"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_5g_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8F12DAB1-E58E-4044-A799-792A3DD59642"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_5g_max:-:*:*:*:*:*:*:*","matchCriteriaId":"EA957B87-E4D2-4B7C-AC27-200BFC44477E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"47600BC6-7DDF-4ABA-A0C6-1E3C6C4E67B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder_core:-:*:*:*:*:*:*:*","matchCriteriaId":"BD22580F-1E63-48F0-BE9C-1EA9328DD539"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"29802116-2569-4863-B830-AF6C054BCDE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_key_plus:-:*:*:*:*:*:*:*","matchCriteriaId":"4C4ED829-08E6-4330-B105-DC01A3159C90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"638BF6B4-4DBF-43C7-A355-3FE897029F2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey:-:*:*:*:*:*:*:*","matchCriteriaId":"A484BC77-24D3-423F-AC16-3341C3396BA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E132D457-330E-43DF-BC6D-956A9C65E9C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey_enterprise:-:*:*:*:*:*:*:*","matchCriteriaId":"DDD7812E-3548-4B2C-9416-DEE0985AB07C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFBED72-FDF6-4487-B6FA-AEF0BBA7BF07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FF59AE-F5F6-4539-97EC-5157F67FD055"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"1B19E2F5-A96A-45E5-B625-435C5951BEB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"29A3E3E6-68EF-43E6-9AB3-AD52FCADE57F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.11","matchCriteriaId":"5C1D3765-2301-4C60-BC5E-865650E214E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_beast:-:*:*:*:*:*:*:*","matchCriteriaId":"82A0A6D7-4361-49AD-87E3-3FB32A958C4E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"16AF18D8-1301-4B8D-AD23-5EF5BB2182AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_2:-:*:*:*:*:*:*:*","matchCriteriaId":"5FC98765-1006-49C1-9464-92428738170A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"522AF8E6-5095-42D0-AAC5-38DBC76536F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_4:-:*:*:*:*:*:*:*","matchCriteriaId":"A68133D0-7571-4E6C-A5F5-AAD2DFE91B80"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"3ACD7950-1346-460C-9B07-6A57103E1298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"DF0AD026-E7CD-4783-8B5B-BF50CFEF8F37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"0B75FAFD-6176-4B36-85B9-9D9FB314FCF0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_4:-:*:*:*:*:*:*:*","matchCriteriaId":"6A57444B-B60E-4AE0-A198-C85546D94126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_8_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"DA7EECEA-6628-4CD7-A336-78D8AEBD049A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_8:-:*:*:*:*:*:*:*","matchCriteriaId":"63EC6593-E65D-4287-BB47-0EC53BCA7BAB"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34910","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-34911","sourceIdentifier":"support@hackerone.com","published":"2026-05-22T02:16:34.667","lastModified":"2026-06-24T15:15:58.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Ubiquiti Inc","product":"UniFi OS Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-SE","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Pro-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDM-Beast","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.11","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"EFG","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDW","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UDR-5G","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"Express 7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-Instant","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNVR-G2-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"ENVR-Core","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-2","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-4","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UNAS-Pro-8","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.10","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCKP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCK-Enterprise","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Ultra","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Max","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Fiber","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]},{"vendor":"Ubiquiti Inc","product":"UCG-Industrial","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-22T12:37:38.876728Z","id":"CVE-2026-34911","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.8","matchCriteriaId":"660F20FA-9862-4FE1-8C27-0AEAEE2F2A69"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"37D51815-9B4B-4753-9907-141E183A29AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_industrial:-:*:*:*:*:*:*:*","matchCriteriaId":"ABDECBF6-CB92-4AF6-A3AB-D4AA4635B688"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4C302996-B127-48DD-9652-44C120351EE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine:-:*:*:*:*:*:*:*","matchCriteriaId":"33E04DDA-88A0-47C1-8AE2-2F59B1A08BAF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"B6C4EB63-3ED5-4A5E-9C70-446159333C34"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"B493983E-8632-4492-9B0A-E8E11E0E0BB2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_special_edition_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"FFDF1A5E-2127-4F22-88FE-72185E1D102D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_special_edition:-:*:*:*:*:*:*:*","matchCriteriaId":"DEF52155-86F1-458A-8B7E-355B67C5C819"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"131427ED-219F-44D7-AF4C-1EE2EBF0C0FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_pro_max:-:*:*:*:*:*:*:*","matchCriteriaId":"60808A48-C41A-448F-97C4-B1CD8DCCB4DA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CDD13CAB-C444-43CF-8E56-D3B3EF5208FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_fortress_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"8C87C188-7982-4DFF-98F1-58511360F3E3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_wall_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4991C6F7-E443-4CA3-8EA5-C71D1252B300"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_wall:-:*:*:*:*:*:*:*","matchCriteriaId":"A9B6514E-2878-4AEE-BF1E-08B804C069FE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8D73F0DB-0E95-44B0-9CC0-BFEBB0582ECC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FF6A5E-A223-4F57-9FFD-F2AE473B3627"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"9BAF5DAD-7403-4811-B2F3-490F72CB5C0D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_7:-:*:*:*:*:*:*:*","matchCriteriaId":"A41E5541-FC13-430C-BDCA-CC677B372D7F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_express_7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"56E176C6-07DB-4E14-B41C-4AC34CAAC1B7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_express_7:-:*:*:*:*:*:*:*","matchCriteriaId":"5CD0201D-D5C9-4CE7-A302-467F602D73D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"7EC49DF3-4CB0-491E-A4E9-46EE6C2CDD3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"A5D7AF0C-CF50-485D-8471-9AB1AA6471CA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"D83F4DFB-C975-4E3C-A045-AAE24EB7C54F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"87FB08DA-35EA-4C27-AA5F-2B7AE25D58FA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_instant_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E78B7448-6777-4488-BDA9-C0514FC7BB6B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_instant:-:*:*:*:*:*:*:*","matchCriteriaId":"FC8EB74F-F32A-4A5E-B613-58F2F7BC24CB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFB1B14-CFB2-45D3-AA35-FBA93A4D5606"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder:-:*:*:*:*:*:*:*","matchCriteriaId":"348BBC75-CA5B-4B38-A2CF-28313B7168F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"CA783309-29D0-40C6-9B4A-D961A486CBCC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_ultra:-:*:*:*:*:*:*:*","matchCriteriaId":"2C468BFA-A87B-4A3F-B12C-B3BCE225167C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"20690D42-B607-4E40-8D87-B8715838BD1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_max:-:*:*:*:*:*:*:*","matchCriteriaId":"022225AB-7AF9-4F7A-97A2-CD8700DEA087"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"0C1DF011-B148-4706-90D9-55DB0FD9A3E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_gateway_fiber:-:*:*:*:*:*:*:*","matchCriteriaId":"01C00466-E414-4DF7-8752-93D3D77C5104"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_router_5g_max_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"8F12DAB1-E58E-4044-A799-792A3DD59642"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_router_5g_max:-:*:*:*:*:*:*:*","matchCriteriaId":"EA957B87-E4D2-4B7C-AC27-200BFC44477E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"47600BC6-7DDF-4ABA-A0C6-1E3C6C4E67B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:enterprise_network_video_recorder_core:-:*:*:*:*:*:*:*","matchCriteriaId":"BD22580F-1E63-48F0-BE9C-1EA9328DD539"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"29802116-2569-4863-B830-AF6C054BCDE2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloud_key_plus:-:*:*:*:*:*:*:*","matchCriteriaId":"4C4ED829-08E6-4330-B105-DC01A3159C90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"638BF6B4-4DBF-43C7-A355-3FE897029F2D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey:-:*:*:*:*:*:*:*","matchCriteriaId":"A484BC77-24D3-423F-AC16-3341C3396BA1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"E132D457-330E-43DF-BC6D-956A9C65E9C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_cloudkey_enterprise:-:*:*:*:*:*:*:*","matchCriteriaId":"DDD7812E-3548-4B2C-9416-DEE0985AB07C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"4FFBED72-FDF6-4487-B6FA-AEF0BBA7BF07"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2:-:*:*:*:*:*:*:*","matchCriteriaId":"E1FF59AE-F5F6-4539-97EC-5157F67FD055"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_network_video_recorder_g2_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.12","matchCriteriaId":"1B19E2F5-A96A-45E5-B625-435C5951BEB0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_network_video_recorder_g2_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"29A3E3E6-68EF-43E6-9AB3-AD52FCADE57F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.11","matchCriteriaId":"5C1D3765-2301-4C60-BC5E-865650E214E5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unifi_dream_machine_beast:-:*:*:*:*:*:*:*","matchCriteriaId":"82A0A6D7-4361-49AD-87E3-3FB32A958C4E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"16AF18D8-1301-4B8D-AD23-5EF5BB2182AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_2:-:*:*:*:*:*:*:*","matchCriteriaId":"5FC98765-1006-49C1-9464-92428738170A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"522AF8E6-5095-42D0-AAC5-38DBC76536F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_4:-:*:*:*:*:*:*:*","matchCriteriaId":"A68133D0-7571-4E6C-A5F5-AAD2DFE91B80"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"3ACD7950-1346-460C-9B07-6A57103E1298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"DF0AD026-E7CD-4783-8B5B-BF50CFEF8F37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"0B75FAFD-6176-4B36-85B9-9D9FB314FCF0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_4:-:*:*:*:*:*:*:*","matchCriteriaId":"6A57444B-B60E-4AE0-A198-C85546D94126"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ui:unas_pro_8_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.10","matchCriteriaId":"DA7EECEA-6628-4CD7-A336-78D8AEBD049A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ui:unas_pro_8:-:*:*:*:*:*:*:*","matchCriteriaId":"63EC6593-E65D-4287-BB47-0EC53BCA7BAB"}]}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2651","sourceIdentifier":"security@huntr.dev","published":"2026-05-25T07:16:15.100","lastModified":"2026-06-27T05:16:43.717","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"mlflow","product":"mlflow/mlflow","versions":[{"version":"unspecified","lessThan":"3.10.0","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-26T00:00:00+00:00","id":"CVE-2026-2651","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1220"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10.1","matchCriteriaId":"C1C49CD5-5BB0-422B-9A71-5A6832DF6713"}]}]}],"references":[{"url":"https://github.com/mlflow/mlflow/commit/d7290811d8f3c95366d80109424edc1fb1ad966f","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/65beb119-d3e0-4e03-af2f-fa98f78f83dc","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-2651","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481117","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://huntr.com/bounties/65beb119-d3e0-4e03-af2f-fa98f78f83dc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2651.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-45834","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-26T17:16:48.073","lastModified":"2026-06-26T18:57:39.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()\n\nAdd the same NULL guard already present in\nl2cap_sock_resume_cb() and l2cap_sock_ready_cb()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"1b1c0da227bf63479bac9982fc8d12df9aaea0fb","versionType":"git","status":"affected"},{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"85426e97dc72f2088ba6d27e74cd58c3fbd43e31","versionType":"git","status":"affected"},{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"0c17c8832562b2aac288e89cefd0f46074f54bcb","versionType":"git","status":"affected"},{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"5105f3e6b2df619c635b5f6a49fac131a36c7952","versionType":"git","status":"affected"},{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"c88c185ae0a1067823661b220aeea613df2c127b","versionType":"git","status":"affected"},{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"1810e42ff6716f320c7269d5850eca48b07b7427","versionType":"git","status":"affected"},{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"a2dcf1a61d056aef15b63c6eae9441344d624389","versionType":"git","status":"affected"},{"version":"89bc500e41fc5b48e0573e6b0d927fc97b8951dc","lessThan":"2ff1a41a912de8517b4482e946dd951b7d80edbf","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.258","matchCriteriaId":"B5F925AF-0571-45EB-B3C7-3046B450381F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c17c8832562b2aac288e89cefd0f46074f54bcb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1810e42ff6716f320c7269d5850eca48b07b7427","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1b1c0da227bf63479bac9982fc8d12df9aaea0fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ff1a41a912de8517b4482e946dd951b7d80edbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5105f3e6b2df619c635b5f6a49fac131a36c7952","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85426e97dc72f2088ba6d27e74cd58c3fbd43e31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2dcf1a61d056aef15b63c6eae9441344d624389","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c88c185ae0a1067823661b220aeea613df2c127b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45835","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-26T17:16:48.227","lastModified":"2026-06-26T19:01:20.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()\n\nAdd the same NULL guard already present in\nl2cap_sock_resume_cb() and l2cap_sock_ready_cb()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"140b63cb46f2855ac4ec8fba2f1e974a9c2974e8","versionType":"git","status":"affected"},{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"2422eaed0925973c0f318c94eb13e76f14c7381e","versionType":"git","status":"affected"},{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"684a1f9ee2325437ae18ac5371884e4c6a25ae73","versionType":"git","status":"affected"},{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"ab77c8bc30269bee15d917059a66bea48909f5f0","versionType":"git","status":"affected"},{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"bc3bb9f40da8e53896abc2d29c6d0c6686fe4ab9","versionType":"git","status":"affected"},{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"741e6024e31587b0c021b6616a9e428a4ea0b64a","versionType":"git","status":"affected"},{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"76083fb80f5a38ac13326b2d810f66bd07771eea","versionType":"git","status":"affected"},{"version":"80808e431e1ef25856457de82ce141bed6a6313a","lessThan":"0a120d96166301d7a95be75b52f843837dbd1219","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.258","matchCriteriaId":"B5F925AF-0571-45EB-B3C7-3046B450381F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a120d96166301d7a95be75b52f843837dbd1219","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/140b63cb46f2855ac4ec8fba2f1e974a9c2974e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2422eaed0925973c0f318c94eb13e76f14c7381e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/684a1f9ee2325437ae18ac5371884e4c6a25ae73","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/741e6024e31587b0c021b6616a9e428a4ea0b64a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76083fb80f5a38ac13326b2d810f66bd07771eea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab77c8bc30269bee15d917059a66bea48909f5f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc3bb9f40da8e53896abc2d29c6d0c6686fe4ab9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45836","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-26T17:16:50.813","lastModified":"2026-06-26T19:01:35.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()\n\nAdd the same NULL guard already present in\nl2cap_sock_resume_cb() and l2cap_sock_ready_cb()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"fd072f833147b0bc10c43a454624cb99d02f3fc7","versionType":"git","status":"affected"},{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"6e8d1a2a677a81caa60cf0aabd4217bd585fbba1","versionType":"git","status":"affected"},{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"e1863e7480feddb90125d0dd5a1b572972d75908","versionType":"git","status":"affected"},{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"cf1fd517f892ded88168df878f834b625133f86d","versionType":"git","status":"affected"},{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"58dc5e3d8768e121907608e6e196a908512fb083","versionType":"git","status":"affected"},{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"32bd343803d4ba47cc516f9d5f037f01b855d767","versionType":"git","status":"affected"},{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"a93d66907dd4d29b65c9797a93784bf61906d6d6","versionType":"git","status":"affected"},{"version":"8d836d71e2223b8961b21112bb4ce89ef8231682","lessThan":"78a88d43dab8d23aeef934ed8ce34d40e6b3d613","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.90","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.258","matchCriteriaId":"5719375F-EF0E-4109-B597-92834B5F4367"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.90","matchCriteriaId":"3BAAA2BE-6EEC-45D5-AD66-50F63CA20483"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/32bd343803d4ba47cc516f9d5f037f01b855d767","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/58dc5e3d8768e121907608e6e196a908512fb083","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e8d1a2a677a81caa60cf0aabd4217bd585fbba1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78a88d43dab8d23aeef934ed8ce34d40e6b3d613","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a93d66907dd4d29b65c9797a93784bf61906d6d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf1fd517f892ded88168df878f834b625133f86d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e1863e7480feddb90125d0dd5a1b572972d75908","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd072f833147b0bc10c43a454624cb99d02f3fc7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45837","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.020","lastModified":"2026-06-26T19:09:14.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in arena_vm_close on fork\n\narena_vm_open() only bumps vml->mmap_count but never registers the\nchild VMA in arena->vma_list. The vml->vma always points at the\nparent VMA, so after parent munmap the pointer dangles. If the child\nthen calls bpf_arena_free_pages(), zap_pages() reads the stale\nvml->vma triggering use-after-free.\n\nFix this by preventing the arena VMA from being inherited across\nfork with VM_DONTCOPY, and preventing VMA splits via the may_split\ncallback.\n\nAlso reject mremap with a .mremap callback returning -EINVAL. A\nsame-size mremap(MREMAP_FIXED) on the full arena VMA reaches\ncopy_vma() through the following path:\n\n  check_prep_vma()       - returns 0 early: new_len == old_len\n                           skips VM_DONTEXPAND check\n  prep_move_vma()        - vm_start == old_addr and\n                           vm_end == old_addr + old_len\n                           so may_split is never called\n  move_vma()\n    copy_vma_and_data()\n      copy_vma()\n        vm_area_dup()    - copies vm_private_data (vml pointer)\n        vm_ops->open()   - bumps vml->mmap_count\n      vm_ops->mremap()   - returns -EINVAL, rollback unmaps new VMA\n\nThe refcount ensures the rollback's arena_vm_close does not free\nthe vml shared with the original VMA."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/arena.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"723b9fa930cc277c15ce6b9ec9feec828cfac9d7","versionType":"git","status":"affected"},{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"d18099f19e53250f8ad2801498b88cec29d9107a","versionType":"git","status":"affected"},{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"201128fcc7b213d27ab77bc4e89488b41796480f","versionType":"git","status":"affected"},{"version":"317460317a02a1af512697e6e964298dedd8a163","lessThan":"4fddde2a732de60bb97e3307d4eb69ac5f1d2b74","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/arena.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.88","matchCriteriaId":"4CCB4364-CBF5-40DD-AB08-D4665BBE06FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/201128fcc7b213d27ab77bc4e89488b41796480f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fddde2a732de60bb97e3307d4eb69ac5f1d2b74","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/723b9fa930cc277c15ce6b9ec9feec828cfac9d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d18099f19e53250f8ad2801498b88cec29d9107a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45838","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.130","lastModified":"2026-06-26T19:09:03.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix end-of-list detection in cgroup_storage_get_next_key()\n\nlist_next_entry() never returns NULL -- when the current element is the\nlast entry it wraps to the list head via container_of(). The subsequent\nNULL check is therefore dead code and get_next_key() never returns\n-ENOENT for the last element, instead reading storage->key from a bogus\npointer that aliases internal map fields and copying the result to\nuserspace.\n\nReplace it with list_entry_is_head() so the function correctly returns\n-ENOENT when there are no more entries."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/local_storage.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"0f3d9dd5e1fd52b39e25328307c6a694e994ffe3","versionType":"git","status":"affected"},{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"26d3339e465e54107bd85884341d1609c5300d6a","versionType":"git","status":"affected"},{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6","versionType":"git","status":"affected"},{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"b4b5a20bed82130da2f2818f04d52378952fbd0b","versionType":"git","status":"affected"},{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"85a2f30e40f7468db732f55659bc6318874f49af","versionType":"git","status":"affected"},{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"32ce55d424395904986f5066f8755f6cb9993377","versionType":"git","status":"affected"},{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"fc39753b7f92e09177777e9c648afe5aa3abb81f","versionType":"git","status":"affected"},{"version":"de9cbbaadba5adf88a19e46df61f7054000838f6","lessThan":"5828b9e5b272ecff7cf5d345128d3de7324117f7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/local_storage.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.258","matchCriteriaId":"80C72BB7-F8C5-4503-80AB-CDC8ED7CBECF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f3d9dd5e1fd52b39e25328307c6a694e994ffe3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/26d3339e465e54107bd85884341d1609c5300d6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c88b2d96e1d4d0c7c4589a4593d4cdee6d332d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/32ce55d424395904986f5066f8755f6cb9993377","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5828b9e5b272ecff7cf5d345128d3de7324117f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85a2f30e40f7468db732f55659bc6318874f49af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b4b5a20bed82130da2f2818f04d52378952fbd0b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc39753b7f92e09177777e9c648afe5aa3abb81f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45839","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.247","lastModified":"2026-06-26T19:08:05.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()\n\nCO-RE accessor strings are colon-separated indices that describe a path\nfrom a root BTF type to a target field, e.g. \"0:1:2\" walks through\nnested struct members. bpf_core_parse_spec() parses each component with\nsscanf(\"%d\"), so negative values like -1 are silently accepted.  The\nsubsequent bounds checks (access_idx >= btf_vlen(t)) only guard the\nupper bound and always pass for negative values because C integer\npromotion converts the __u16 btf_vlen result to int, making the\ncomparison (int)(-1) >= (int)(N) false for any positive N.\n\nWhen -1 reaches btf_member_bit_offset() it gets cast to u32 0xffffffff,\nproducing an out-of-bounds read far past the members array.  A crafted\nBPF program with a negative CO-RE accessor on any struct that exists in\nvmlinux BTF (e.g. task_struct) crashes the kernel deterministically\nduring BPF_PROG_LOAD on any system with CONFIG_DEBUG_INFO_BTF=y\n(default on major distributions).  The bug is reachable with CAP_BPF:\n\n BUG: unable to handle page fault for address: ffffed11818b6626\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n Oops: Oops: 0000 [#1] SMP KASAN NOPTI\n CPU: 0 UID: 0 PID: 85 Comm: poc Not tainted 7.0.0-rc6 #18 PREEMPT(full)\n RIP: 0010:bpf_core_parse_spec (tools/lib/bpf/relo_core.c:354)\n RAX: 00000000ffffffff\n Call Trace:\n  <TASK>\n  bpf_core_calc_relo_insn (tools/lib/bpf/relo_core.c:1321)\n  bpf_core_apply (kernel/bpf/btf.c:9507)\n  check_core_relo (kernel/bpf/verifier.c:19475)\n  bpf_check (kernel/bpf/verifier.c:26031)\n  bpf_prog_load (kernel/bpf/syscall.c:3089)\n  __sys_bpf (kernel/bpf/syscall.c:6228)\n  </TASK>\n\nCO-RE accessor indices are inherently non-negative (struct member index,\narray element index, or enumerator index), so reject them immediately\nafter parsing."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["tools/lib/bpf/relo_core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ddc7c3042614e273044f698d2beab25cc3842d45","lessThan":"a9e777f856cd2f1efc106afc7bf21aef868509d5","versionType":"git","status":"affected"},{"version":"ddc7c3042614e273044f698d2beab25cc3842d45","lessThan":"669349b4612c26b3d7aacfa99d7174681bd19223","versionType":"git","status":"affected"},{"version":"ddc7c3042614e273044f698d2beab25cc3842d45","lessThan":"3ff85ae79e1a74baeb916b78a63d821f6d19a994","versionType":"git","status":"affected"},{"version":"ddc7c3042614e273044f698d2beab25cc3842d45","lessThan":"36a9012f76ba8d9189ae56a1f8bb7c87c07a1f3a","versionType":"git","status":"affected"},{"version":"ddc7c3042614e273044f698d2beab25cc3842d45","lessThan":"76f2ebaf79a9ae6d0737b87f045fe769e425d78f","versionType":"git","status":"affected"},{"version":"ddc7c3042614e273044f698d2beab25cc3842d45","lessThan":"99dbab7b5a12d8f58d5b0aa2f7a1fe656a70f4b2","versionType":"git","status":"affected"},{"version":"ddc7c3042614e273044f698d2beab25cc3842d45","lessThan":"1c22483a2c4bbf747787f328392ca3e68619c4dc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["tools/lib/bpf/relo_core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.4","status":"affected"},{"version":"0","lessThan":"5.4","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.15.209","matchCriteriaId":"CA814827-273B-405B-91F6-4B1C750F3C12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1c22483a2c4bbf747787f328392ca3e68619c4dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36a9012f76ba8d9189ae56a1f8bb7c87c07a1f3a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3ff85ae79e1a74baeb916b78a63d821f6d19a994","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/669349b4612c26b3d7aacfa99d7174681bd19223","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76f2ebaf79a9ae6d0737b87f045fe769e425d78f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/99dbab7b5a12d8f58d5b0aa2f7a1fe656a70f4b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a9e777f856cd2f1efc106afc7bf21aef868509d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45840","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.363","lastModified":"2026-06-26T18:56:58.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: cap upcall PID array size and pre-size vport replies\n\nThe vport netlink reply helpers allocate a fixed-size skb with\nnlmsg_new(NLMSG_DEFAULT_SIZE, ...) but serialize the full upcall PID\narray via ovs_vport_get_upcall_portids().  Since\novs_vport_set_upcall_portids() accepts any non-zero multiple of\nsizeof(u32) with no upper bound, a CAP_NET_ADMIN user can install a PID\narray large enough to overflow the reply buffer, causing nla_put() to\nfail with -EMSGSIZE and hitting BUG_ON(err < 0).  On systems with\nunprivileged user namespaces enabled (e.g., Ubuntu default), this is\nreachable via unshare -Urn since OVS vport mutation operations use\nGENL_UNS_ADMIN_PERM.\n\n kernel BUG at net/openvswitch/datapath.c:2414!\n Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n CPU: 1 UID: 0 PID: 65 Comm: poc Not tainted 7.0.0-rc7-00195-geb216e422044 #1\n RIP: 0010:ovs_vport_cmd_set+0x34c/0x400\n Call Trace:\n  <TASK>\n  genl_family_rcv_msg_doit (net/netlink/genetlink.c:1116)\n  genl_rcv_msg (net/netlink/genetlink.c:1194)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  genl_rcv (net/netlink/genetlink.c:1219)\n  netlink_unicast (net/netlink/af_netlink.c:1344)\n  netlink_sendmsg (net/netlink/af_netlink.c:1894)\n  __sys_sendto (net/socket.c:2206)\n  __x64_sys_sendto (net/socket.c:2209)\n  do_syscall_64 (arch/x86/entry/syscall_64.c:63)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n  </TASK>\n Kernel panic - not syncing: Fatal exception\n\nReject attempts to set more PIDs than nr_cpu_ids in\novs_vport_set_upcall_portids(), and pre-compute the worst-case reply\nsize in ovs_vport_cmd_msg_size() based on that bound, similar to the\nexisting ovs_dp_cmd_msg_size().  nr_cpu_ids matches the cap already\nused by the per-CPU dispatch configuration on the datapath side\n(ovs_dp_cmd_fill_info() serialises at most nr_cpu_ids PIDs), so the\ntwo sides stay consistent."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/openvswitch/datapath.c","net/openvswitch/vport.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"8d59b80e69dddb665eb2de36e62859ab2073470e","versionType":"git","status":"affected"},{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"d9e47e29aacb9f8a9d59feb6ab5b128a9bbb40b0","versionType":"git","status":"affected"},{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"b39f763d720d623218bc1d95ace6855d7b474e81","versionType":"git","status":"affected"},{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"f9ef3db77a383d66847fd082c2b437d8ae4d9c63","versionType":"git","status":"affected"},{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"f99ac36b5d7c719d08a69fcdecce40f78a874e15","versionType":"git","status":"affected"},{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"fa6e90bc443bed8dc0d55bc5ea5b27ffdfe37704","versionType":"git","status":"affected"},{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"1d6c02b86329883aa467a3a61f8d34369db73a2f","versionType":"git","status":"affected"},{"version":"5cd667b0a4567048bb555927d6ee564f4e5620a9","lessThan":"2091c6aa0df6aba47deb5c8ab232b1cb60af3519","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/openvswitch/datapath.c","net/openvswitch/vport.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.17","status":"affected"},{"version":"0","lessThan":"3.17","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"5.10.258","matchCriteriaId":"37B46C04-3431-4B85-8620-D8CE4E2FDE0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1d6c02b86329883aa467a3a61f8d34369db73a2f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2091c6aa0df6aba47deb5c8ab232b1cb60af3519","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d59b80e69dddb665eb2de36e62859ab2073470e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b39f763d720d623218bc1d95ace6855d7b474e81","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d9e47e29aacb9f8a9d59feb6ab5b128a9bbb40b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f99ac36b5d7c719d08a69fcdecce40f78a874e15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f9ef3db77a383d66847fd082c2b437d8ae4d9c63","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa6e90bc443bed8dc0d55bc5ea5b27ffdfe37704","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45841","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.493","lastModified":"2026-06-26T18:52:56.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO\n\nnf_osf_match_one() computes ctx->window % f->wss.val in the\nOSF_WSS_MODULO branch with no guard for f->wss.val == 0. A\nCAP_NET_ADMIN user can add such a fingerprint via nfnetlink; a\nsubsequent matching TCP SYN divides by zero and panics the kernel.\n\nReject the bogus fingerprint in nfnl_osf_add_callback() above the\nper-option for-loop. f->wss is per-fingerprint, not per-option, so\nthe check must run regardless of f->opt_num (including 0). Also\nreject wss.wc >= OSF_WSS_MAX; nf_osf_match_one() already treats that\nas \"should not happen\".\n\nCrash:\n Oops: divide error: 0000 [#1] SMP KASAN NOPTI\n RIP: 0010:nf_osf_match_one (net/netfilter/nfnetlink_osf.c:98)\n Call Trace:\n <IRQ>\n  nf_osf_match (net/netfilter/nfnetlink_osf.c:220)\n  xt_osf_match_packet (net/netfilter/xt_osf.c:32)\n  ipt_do_table (net/ipv4/netfilter/ip_tables.c:348)\n  nf_hook_slow (net/netfilter/core.c:622)\n  ip_local_deliver (net/ipv4/ip_input.c:265)\n  ip_rcv (include/linux/skbuff.h:1162)\n  __netif_receive_skb_one_core (net/core/dev.c:6181)\n  process_backlog (net/core/dev.c:6642)\n  __napi_poll (net/core/dev.c:7710)\n  net_rx_action (net/core/dev.c:7945)\n  handle_softirqs (kernel/softirq.c:622)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nfnetlink_osf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"cb833bbc1b3c51e08652d3c86298307c07d3f2db","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"26900306a5a2c3e4f75c643a064525526bb6e5f3","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"0694618cf3e9b120666e31f5f383a6e466d95a0d","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"8def8fbd23f40e945febe913d04b731012ce0082","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"c55940895245d8ef658ab381248a28755218d625","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"fb965b1cfe92b28d28b5ebe3116b81dbef9f2d2f","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"9a05e195618a6d474f2bcd5b6376d0ffc2f00366","versionType":"git","status":"affected"},{"version":"11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384","lessThan":"2195574dc6d9017d32ac346987e12659f931d932","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nfnetlink_osf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.31","status":"affected"},{"version":"0","lessThan":"2.6.31","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.31","versionEndExcluding":"5.10.258","matchCriteriaId":"06FFC430-8D78-4549-B8DB-B37AFAF4D4D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0694618cf3e9b120666e31f5f383a6e466d95a0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2195574dc6d9017d32ac346987e12659f931d932","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/26900306a5a2c3e4f75c643a064525526bb6e5f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8def8fbd23f40e945febe913d04b731012ce0082","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a05e195618a6d474f2bcd5b6376d0ffc2f00366","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c55940895245d8ef658ab381248a28755218d625","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb833bbc1b3c51e08652d3c86298307c07d3f2db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb965b1cfe92b28d28b5ebe3116b81dbef9f2d2f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45842","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.600","lastModified":"2026-06-26T18:51:05.930","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nslip: reject VJ receive packets on instances with no rstate array\n\nslhc_init() accepts rslots == 0 as a valid configuration, with the\ndocumented meaning of 'no receive compression'. In that case the\nallocation loop in slhc_init() is skipped, so comp->rstate stays\nNULL and comp->rslot_limit stays 0 (from the kzalloc of struct\nslcompress).\n\nThe receive helpers do not defend against that configuration.\nslhc_uncompress() dereferences comp->rstate[x] when the VJ header\ncarries an explicit connection ID, and slhc_remember() later assigns\ncs = &comp->rstate[...] after only comparing the packet's slot number\nto comp->rslot_limit. Because rslot_limit is 0, slot 0 passes the\nrange check, and the code dereferences a NULL rstate.\n\nThe configuration is reachable in-tree through PPP. PPPIOCSMAXCID\nstores its argument in a signed int, and (val >> 16) uses arithmetic\nshift. Passing 0xffff0000 therefore sign-extends to -1, so val2 + 1\nis 0 and ppp_generic.c ends up calling slhc_init(0, 1). Because\n/dev/ppp open is gated by ns_capable(CAP_NET_ADMIN), the whole path\nis reachable from an unprivileged user namespace. Once the malformed\nVJ state is installed, any inbound VJ-compressed or VJ-uncompressed\nframe that selects slot 0 crashes the kernel in softirq context:\n\n Oops: general protection fault, probably for non-canonical\n       address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:slhc_uncompress (drivers/net/slip/slhc.c:519)\n Call Trace:\n  <TASK>\n  ppp_receive_nonmp_frame (drivers/net/ppp/ppp_generic.c:2466)\n  ppp_input (drivers/net/ppp/ppp_generic.c:2359)\n  ppp_async_process (drivers/net/ppp/ppp_async.c:492)\n  tasklet_action_common (kernel/softirq.c:926)\n  handle_softirqs (kernel/softirq.c:623)\n  run_ksoftirqd (kernel/softirq.c:1055)\n  smpboot_thread_fn (kernel/smpboot.c:160)\n  kthread (kernel/kthread.c:436)\n  ret_from_fork (arch/x86/kernel/process.c:164)\n  </TASK>\n\nReject the receive side on such instances instead of touching rstate.\nslhc_uncompress() falls through to its existing 'bad' label, which\nbumps sls_i_error and enters the toss state. slhc_remember() mirrors\nthat with an explicit sls_i_error increment followed by slhc_toss();\nthe sls_i_runt counter is not used here because a missing rstate is\nan internal configuration state, not a runt packet.\n\nThe transmit path is unaffected: the only in-tree caller that picks\nrslots from userspace (ppp_generic.c) still supplies tslots >= 1, and\nslip.c always calls slhc_init(16, 16), so comp->tstate remains valid\nand slhc_compress() continues to work."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/slip/slhc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"3d71c961febddd855d3ae9a519eeb96c8023f430","versionType":"git","status":"affected"},{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"72304fec672e8aac9ee7b9c475db96b37cca8d8d","versionType":"git","status":"affected"},{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"4aa9eca6fda2919027dfd7a7cc69334982d89586","versionType":"git","status":"affected"},{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"c6980e8b1a86288167f34966fa5219031999b6f1","versionType":"git","status":"affected"},{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"de42f86e2cf5028a97e74c25869d1a962b13c301","versionType":"git","status":"affected"},{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"9e1ff0eead073c4f46d874ad2526b7dda5465faf","versionType":"git","status":"affected"},{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"7b0d9e878ec2b21d99ae8051b3dda59cdb66c152","versionType":"git","status":"affected"},{"version":"4ab42d78e37a294ac7bc56901d563c642e03c4ae","lessThan":"e76607442d5b73e1ba6768f501ef815bb58c2c0e","versionType":"git","status":"affected"},{"version":"42fc512469e78939c1e419d3310c47de55bdcbb8","versionType":"git","status":"affected"},{"version":"df085f1cb3acd3d75408ff94f366983873bce7d2","versionType":"git","status":"affected"},{"version":"a1c3860d3c5fc62bd35f089bcb03f18a37242de9","versionType":"git","status":"affected"},{"version":"f82699de104eaf8a7ffc2849a566a94818dd8a3c","versionType":"git","status":"affected"},{"version":"354b254af5c1350de9586af75fe5a821b35bfb33","versionType":"git","status":"affected"},{"version":"5148857f5d4c812cc918cf4627f7880521e987eb","versionType":"git","status":"affected"},{"version":"82185755d90c8047c6f4b589c39998ff3d4ca3ad","versionType":"git","status":"affected"},{"version":"a50a93cc99286dc444c7e5ccc7dfb9d58c2d346d","versionType":"git","status":"affected"},{"version":"6b4fa561e26526c62636414d267342c945084f44","versionType":"git","status":"affected"},{"version":"2.6.32.70","lessThan":"2.6.33","versionType":"semver","status":"affected"},{"version":"3.2.75","lessThan":"3.3","versionType":"semver","status":"affected"},{"version":"3.4.111","lessThan":"3.5","versionType":"semver","status":"affected"},{"version":"3.10.96","lessThan":"3.11","versionType":"semver","status":"affected"},{"version":"3.12.53","lessThan":"3.13","versionType":"semver","status":"affected"},{"version":"3.14.60","lessThan":"3.15","versionType":"semver","status":"affected"},{"version":"3.18.27","lessThan":"3.19","versionType":"semver","status":"affected"},{"version":"4.1.17","lessThan":"4.2","versionType":"semver","status":"affected"},{"version":"4.3.5","lessThan":"4.4","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/slip/slhc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.4","status":"affected"},{"version":"0","lessThan":"4.4","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32.70","versionEndExcluding":"2.6.33","matchCriteriaId":"77E401B1-6C5C-4412-A4F3-41A8860E2C08"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.75","versionEndExcluding":"3.3","matchCriteriaId":"5638A0E8-3156-4172-8646-A06234434789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.111","versionEndExcluding":"3.5","matchCriteriaId":"E52E1F3C-10B4-4F40-8A2A-9594BC2B215D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.96","versionEndExcluding":"3.11","matchCriteriaId":"2D30AFF3-EA15-42C2-A3E0-8D98B6C41B08"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.53","versionEndExcluding":"3.13","matchCriteriaId":"E9F77506-D3BD-4C42-B6B3-A840F55A368C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.60","versionEndExcluding":"3.15","matchCriteriaId":"5194146E-93C8-405F-8D58-440F1FF8D1F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.27","versionEndExcluding":"3.19","matchCriteriaId":"14D92A66-8C70-4279-97AA-2054416F1C44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.17","versionEndExcluding":"4.2","matchCriteriaId":"E2E107F1-35B3-421F-8885-96D2886DA0D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.5","versionEndExcluding":"5.10.258","matchCriteriaId":"B091096A-4826-42F7-B5C8-50217550B8B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3d71c961febddd855d3ae9a519eeb96c8023f430","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4aa9eca6fda2919027dfd7a7cc69334982d89586","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/72304fec672e8aac9ee7b9c475db96b37cca8d8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7b0d9e878ec2b21d99ae8051b3dda59cdb66c152","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e1ff0eead073c4f46d874ad2526b7dda5465faf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6980e8b1a86288167f34966fa5219031999b6f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/de42f86e2cf5028a97e74c25869d1a962b13c301","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e76607442d5b73e1ba6768f501ef815bb58c2c0e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45843","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.743","lastModified":"2026-06-26T18:49:23.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nslip: bound decode() reads against the compressed packet length\n\nslhc_uncompress() parses a VJ-compressed TCP header by advancing a\npointer through the packet via decode() and pull16(). Neither helper\nbounds-checks against isize, and decode() masks its return with\n& 0xffff so it can never return the -1 that callers test for -- those\nerror paths are dead code.\n\nA short compressed frame whose change byte requests optional fields\nlets decode() read past the end of the packet. The over-read bytes\nare folded into the cached cstate and reflected into subsequent\nreconstructed packets.\n\nMake decode() and pull16() take the packet end pointer and return -1\nwhen exhausted. Add a bounds check before the TCP-checksum read.\nThe existing == -1 tests now do what they were always meant to."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/slip/slhc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"6268f01ae989013671b526c883e92655342c6f6f","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"9aafba2f49e1fcccc2018816f5836a609c925879","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"335957df4ed60f02a2ec0432fbedbf0cc7241d8b","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"37537e42e6df387398bee85cb85070cc80bb1e10","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4cefe32639933d652614b0bd50f818f9af4af78f","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"0511ecb00e61bf28e2fec4bb41fcce385c3a3b2d","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d42bec6e4f6d6d658be365539400b3314b76b2a7","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/slip/slhc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.258","matchCriteriaId":"E03287AA-1109-4662-85B8-5E824B2EA646"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0511ecb00e61bf28e2fec4bb41fcce385c3a3b2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/335957df4ed60f02a2ec0432fbedbf0cc7241d8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37537e42e6df387398bee85cb85070cc80bb1e10","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4cefe32639933d652614b0bd50f818f9af4af78f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6268f01ae989013671b526c883e92655342c6f6f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9aafba2f49e1fcccc2018816f5836a609c925879","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d42bec6e4f6d6d658be365539400b3314b76b2a7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45844","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.847","lastModified":"2026-06-26T18:42:59.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: arp_tables: fix IEEE1394 ARP payload parsing\n\nWeiming Shi says:\n\n\"arp_packet_match() unconditionally parses the ARP payload assuming two\nhardware addresses are present (source and target). However,\nIPv4-over-IEEE1394 ARP (RFC 2734) omits the target hardware address\nfield, and arp_hdr_len() already accounts for this by returning a\nshorter length for ARPHRD_IEEE1394 devices.\n\nAs a result, on IEEE1394 interfaces arp_packet_match() advances past a\nnonexistent target hardware address and reads the wrong bytes for both\nthe target device address comparison and the target IP address. This\ncauses arptables rules to match against garbage data, leading to\nincorrect filtering decisions: packets that should be accepted may be\ndropped and vice versa.\n\nThe ARP stack in net/ipv4/arp.c (arp_create and arp_process) already\nhandles this correctly by skipping the target hardware address for\nARPHRD_IEEE1394. Apply the same pattern to arp_packet_match().\"\n\nMangle the original patch to always return 0 (no match) in case user\nmatches on the target hardware address which is never present in\nIEEE1394.\n\nNote that this returns 0 (no match) for either normal and inverse match\nbecause matching in the target hardware address in ARPHRD_IEEE1394 has\nnever been supported by arptables. This is intentional, matching on the\ntarget hardware address should never evaluate true for ARPHRD_IEEE1394.\n\nMoreover, adjust arpt_mangle to drop the packet too as AI suggests:\n\nIn arpt_mangle, the logic assumes a standard ARP layout. Because\nIEEE1394 (FireWire) omits the target hardware address, the linear\npointer arithmetic miscalculates the offset for the target IP address.\nThis causes mangling operations to write to the wrong location, leading\nto packet corruption. To ensure safety, this patch drops packets\n(NF_DROP) when mangling is requested for these fields on IEEE1394\ndevices, as the current implementation cannot correctly map the FireWire\nARP payload.\n\nThis omits both mangling target hardware and IP address. Even if IP\naddress mangling should be possible in IEEE1394, this would require\nto adjust arpt_mangle offset calculation, which has never been\nsupported.\n\nBased on patch from Weiming Shi <bestswngs@gmail.com>."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv4/netfilter/arp_tables.c","net/ipv4/netfilter/arpt_mangle.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"0f23a1457695f1a61f64367e39f0f9cfa29947d1","versionType":"git","status":"affected"},{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"1e285362ef7096eb12733370d59e033f4a1d294a","versionType":"git","status":"affected"},{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"84e8536c981338d0d8cc6e712cf71a936a93e13f","versionType":"git","status":"affected"},{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"ad9973df8e0eeb123d9ec4d18828e05b7d44ff4b","versionType":"git","status":"affected"},{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"03ea11dbefaa55c502735ee551c89ef773fe753b","versionType":"git","status":"affected"},{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"1c55053f8ffdc060006df898fd3664e3d1bfac7b","versionType":"git","status":"affected"},{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"ac698d81fd6619c7504cee913f1cab5285fba1b7","versionType":"git","status":"affected"},{"version":"6752c8db8e0cfedb44ba62806dd15b383ed64000","lessThan":"1e8e3f449b1e73b73a843257635b9c50f0cc0f0a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv4/netfilter/arp_tables.c","net/ipv4/netfilter/arpt_mangle.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.258","matchCriteriaId":"2613744A-9701-4F59-9E31-A20D7DCD14D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03ea11dbefaa55c502735ee551c89ef773fe753b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0f23a1457695f1a61f64367e39f0f9cfa29947d1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1c55053f8ffdc060006df898fd3664e3d1bfac7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e285362ef7096eb12733370d59e033f4a1d294a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e8e3f449b1e73b73a843257635b9c50f0cc0f0a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84e8536c981338d0d8cc6e712cf71a936a93e13f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ac698d81fd6619c7504cee913f1cab5285fba1b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad9973df8e0eeb123d9ec4d18828e05b7d44ff4b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45845","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:23.960","lastModified":"2026-06-26T18:38:35.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: fix NULL pointer dereference in class dump\n\nWhen a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft()\nis called with new == NULL and stores NULL into q->qdiscs[cl - 1].\nSubsequent RTM_GETTCLASS dump operations walk all classes via\ntaprio_walk() and call taprio_dump_class(), which calls taprio_leaf()\nreturning the NULL pointer, then dereferences it to read child->handle,\ncausing a kernel NULL pointer dereference.\n\nThe bug is reachable with namespace-scoped CAP_NET_ADMIN on any kernel\nwith CONFIG_NET_SCH_TAPRIO enabled. On systems with unprivileged user\nnamespaces enabled, an unprivileged local user can trigger a kernel\npanic by creating a taprio qdisc inside a new network namespace,\ngrafting an explicit child qdisc, deleting it, and requesting a class\ndump. The RTM_GETTCLASS dump itself requires no capability.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n RIP: 0010:taprio_dump_class (net/sched/sch_taprio.c:2478)\n Call Trace:\n  <TASK>\n  tc_fill_tclass (net/sched/sch_api.c:1966)\n  qdisc_class_dump (net/sched/sch_api.c:2326)\n  taprio_walk (net/sched/sch_taprio.c:2514)\n  tc_dump_tclass_qdisc (net/sched/sch_api.c:2352)\n  tc_dump_tclass_root (net/sched/sch_api.c:2370)\n  tc_dump_tclass (net/sched/sch_api.c:2431)\n  rtnl_dumpit (net/core/rtnetlink.c:6864)\n  netlink_dump (net/netlink/af_netlink.c:2325)\n  rtnetlink_rcv_msg (net/core/rtnetlink.c:6959)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  </TASK>\n\nFix this by substituting &noop_qdisc when new is NULL in\ntaprio_graft(), a common pattern used by other qdiscs (e.g.,\nmultiq_graft()) to ensure the q->qdiscs[] slots are never NULL.\nThis makes control-plane dump paths safe without requiring individual\nNULL checks.\n\nSince the data-plane paths (taprio_enqueue and taprio_dequeue_from_txq)\npreviously had explicit NULL guards that would drop/skip the packet\ncleanly, update those checks to test for &noop_qdisc instead. Without\nthis, packets would reach taprio_enqueue_one() which increments the root\nqdisc's qlen and backlog before calling the child's enqueue; noop_qdisc\ndrops the packet but those counters are never rolled back, permanently\ninflating the root qdisc's statistics.\n\nAfter this change *old can be a valid qdisc, NULL, or &noop_qdisc.\nOnly call qdisc_put(*old) in the first case to avoid decreasing\nnoop_qdisc's refcount, which was never increased."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sched/sch_taprio.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"665338b2a7a0139337d1f85be65ed16e487f84c1","lessThan":"ec2501e361b08b50bcb1e7b3253fc861abbda28d","versionType":"git","status":"affected"},{"version":"665338b2a7a0139337d1f85be65ed16e487f84c1","lessThan":"d02e2fbf60de46678e2ea698a6a904fd21e1cc31","versionType":"git","status":"affected"},{"version":"665338b2a7a0139337d1f85be65ed16e487f84c1","lessThan":"48b26d48e76221dc90b02bf5428bab53643461ca","versionType":"git","status":"affected"},{"version":"665338b2a7a0139337d1f85be65ed16e487f84c1","lessThan":"8f1ff8866cb9f655e5faea6994eb902960be8e04","versionType":"git","status":"affected"},{"version":"665338b2a7a0139337d1f85be65ed16e487f84c1","lessThan":"3d07ca5c0fae311226f737963984bd94bb159a87","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sched/sch_taprio.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.141","matchCriteriaId":"B1FBBDC0-E953-426A-B1BA-4C86DE9A153B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3d07ca5c0fae311226f737963984bd94bb159a87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/48b26d48e76221dc90b02bf5428bab53643461ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8f1ff8866cb9f655e5faea6994eb902960be8e04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d02e2fbf60de46678e2ea698a6a904fd21e1cc31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec2501e361b08b50bcb1e7b3253fc861abbda28d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45846","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T11:16:24.083","lastModified":"2026-06-25T21:04:57.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()\n\nbareudp_fill_metadata_dst() passes bareudp->sock to\nudp_tunnel6_dst_lookup() in the IPv6 path without a NULL check.\nThe socket is only created in bareudp_open() and NULLed in\nbareudp_stop(), so calling this function while the device is down\ntriggers a NULL dereference via sock->sk.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160)\n Call Trace:\n  <TASK>\n  bareudp_fill_metadata_dst (drivers/net/bareudp.c:532)\n  do_execute_actions (net/openvswitch/actions.c:901)\n  ovs_execute_actions (net/openvswitch/actions.c:1589)\n  ovs_packet_cmd_execute (net/openvswitch/datapath.c:700)\n  genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114)\n  genl_rcv_msg (net/netlink/genetlink.c:1209)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  </TASK>\n\nAdd a NULL check returning -ESHUTDOWN, consistent with the xmit paths\nin the same driver."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/bareudp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"31e010a106ff6cd8ccac4bfee547fd3fa1015574","versionType":"git","status":"affected"},{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"55193df8d6d33318435f19572bf5ea47a22eee28","versionType":"git","status":"affected"},{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"51eef9c072aa3405a6823a96ae666d38a3b48750","versionType":"git","status":"affected"},{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"a0f4e4e8e0f5e24ddd83e3d1221732621cf34636","versionType":"git","status":"affected"},{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"35a115a204be08f97450b0389413e218268ef4a2","versionType":"git","status":"affected"},{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"74a02921c48fcd35a7881956c9e5c52b86595f5d","versionType":"git","status":"affected"},{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"638905520fc4fae6a80991563f264131545ba3df","versionType":"git","status":"affected"},{"version":"571912c69f0ed731bd1e071ade9dc7ca4aa52065","lessThan":"aa6c6d9ee064aabfede4402fd1283424e649ca19","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/bareudp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.10.258","matchCriteriaId":"33983DD1-6F5C-4A20-A9AF-24DABFA46B60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/31e010a106ff6cd8ccac4bfee547fd3fa1015574","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/35a115a204be08f97450b0389413e218268ef4a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/51eef9c072aa3405a6823a96ae666d38a3b48750","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/55193df8d6d33318435f19572bf5ea47a22eee28","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/638905520fc4fae6a80991563f264131545ba3df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/74a02921c48fcd35a7881956c9e5c52b86595f5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0f4e4e8e0f5e24ddd83e3d1221732621cf34636","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aa6c6d9ee064aabfede4402fd1283424e649ca19","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71303","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:42.733","lastModified":"2026-06-25T21:04:45.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix race condition when checking rpm_on\n\nWhen autosuspend is triggered, driver rpm_on flag is set to indicate that\na suspend/resume is already in progress. However, when a userspace\napplication submits a command during this narrow window,\namdxdna_pm_resume_get() may incorrectly skip the resume operation because\nthe rpm_on flag is still set. This results in commands being submitted\nwhile the device has not actually resumed, causing unexpected behavior.\n\nThe set_dpm() is called by suspend/resume, it relied on rpm_on flag to\navoid calling into rpm suspend/resume recursivly. So to fix this, remove\nthe use of the rpm_on flag entirely. Instead, introduce aie2_pm_set_dpm()\nwhich explicitly resumes the device before invoking set_dpm(). With this\nchange, set_dpm() is called directly inside the suspend or resume execution\npath. Otherwise, aie2_pm_set_dpm() is called."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/accel/amdxdna/aie2_message.c","drivers/accel/amdxdna/aie2_pci.c","drivers/accel/amdxdna/aie2_pci.h","drivers/accel/amdxdna/aie2_pm.c","drivers/accel/amdxdna/aie2_smu.c","drivers/accel/amdxdna/amdxdna_pci_drv.h","drivers/accel/amdxdna/amdxdna_pm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"063db451832b8849faf1b0b8404b3a6a39995b29","lessThan":"e7cb75b6a5127d78298e39750b4f3185eca0dafc","versionType":"git","status":"affected"},{"version":"063db451832b8849faf1b0b8404b3a6a39995b29","lessThan":"00ffe45ece80160aef446d74ded906352f21dd72","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/accel/amdxdna/aie2_message.c","drivers/accel/amdxdna/aie2_pci.c","drivers/accel/amdxdna/aie2_pci.h","drivers/accel/amdxdna/aie2_pm.c","drivers/accel/amdxdna/aie2_smu.c","drivers/accel/amdxdna/amdxdna_pci_drv.h","drivers/accel/amdxdna/amdxdna_pm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/00ffe45ece80160aef446d74ded906352f21dd72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7cb75b6a5127d78298e39750b4f3185eca0dafc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71304","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:42.850","lastModified":"2026-06-25T21:04:41.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: /smack/doi: accept previously used values\n\nWriting to /smack/doi a value that has ever been\nwritten there in the past disables networking for\nnon-ambient labels.\nE.g.\n\n    # cat /smack/doi\n    3\n    # netlabelctl -p cipso list\n    Configured CIPSO mappings (1)\n     DOI value : 3\n       mapping type : PASS_THROUGH\n    # netlabelctl -p map list\n    Configured NetLabel domain mappings (3)\n     domain: \"_\" (IPv4)\n       protocol: UNLABELED\n     domain: DEFAULT (IPv4)\n       protocol: CIPSO, DOI = 3\n     domain: DEFAULT (IPv6)\n       protocol: UNLABELED\n\n    # cat /smack/ambient\n    _\n    # cat /proc/$$/attr/smack/current\n    _\n    # ping -c1 10.1.95.12\n    64 bytes from 10.1.95.12: icmp_seq=1 ttl=64 time=0.964 ms\n    # echo foo >/proc/$$/attr/smack/current\n    # ping -c1 10.1.95.12\n    64 bytes from 10.1.95.12: icmp_seq=1 ttl=64 time=0.956 ms\n    unknown option 86\n\n    # echo 4 >/smack/doi\n    # echo 3 >/smack/doi\n!>  [  214.050395] smk_cipso_doi:691 cipso add rc = -17\n    # echo 3 >/smack/doi\n!>  [  249.402261] smk_cipso_doi:678 remove rc = -2\n!>  [  249.402261] smk_cipso_doi:691 cipso add rc = -17\n\n    # ping -c1 10.1.95.12\n!!> ping: 10.1.95.12: Address family for hostname not supported\n\n    # echo _ >/proc/$$/attr/smack/current\n    # ping -c1 10.1.95.12\n    64 bytes from 10.1.95.12: icmp_seq=1 ttl=64 time=0.617 ms\n\nThis happens because Smack keeps decommissioned DOIs,\nfails to re-add them, and consequently refuses to add\nthe “default” domain map:\n\n    # netlabelctl -p cipso list\n    Configured CIPSO mappings (2)\n     DOI value : 3\n       mapping type : PASS_THROUGH\n     DOI value : 4\n       mapping type : PASS_THROUGH\n    # netlabelctl -p map list\n    Configured NetLabel domain mappings (2)\n     domain: \"_\" (IPv4)\n       protocol: UNLABELED\n!>  (no ipv4 map for default domain here)\n     domain: DEFAULT (IPv6)\n       protocol: UNLABELED\n\nFix by clearing decommissioned DOI definitions and\nserializing concurrent DOI updates with a new lock.\n\nAlso:\n- allow /smack/doi to live unconfigured, since\n  adding a map (netlbl_cfg_cipsov4_map_add) may fail.\n  CIPSO_V4_DOI_UNKNOWN(0) indicates the unconfigured DOI\n- add new DOI before removing the old default map,\n  so the old map remains if the add fails\n\n(2008-02-04, Casey Schaufler)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/smack/smackfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"eb718a3c8181ada679340db34cd61bce48e44749","versionType":"git","status":"affected"},{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"6ec091c5c7eeabd249a7c46813cad1e9f555f859","versionType":"git","status":"affected"},{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"199452f22d2f74b897fe826f81ec402b0a8461a0","versionType":"git","status":"affected"},{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"1c7ee23dfcd18d80770d8f90f2ab5bb1b2bfd8a3","versionType":"git","status":"affected"},{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"f8071500177f38cff38892bd85ac631cc6e010b2","versionType":"git","status":"affected"},{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"5a247a84de0ba44edbbd6be851c8a6b2aa60ff85","versionType":"git","status":"affected"},{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"8beebb8ad9a003f978e53b06237986588223e15e","versionType":"git","status":"affected"},{"version":"e114e473771c848c3cfec05f0123e70f1cdbdc99","lessThan":"33d589ed60ae433b483761987b85e0d24e54584e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/smack/smackfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.25","status":"affected"},{"version":"0","lessThan":"2.6.25","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.10.252","matchCriteriaId":"C84A76EC-E20E-48DD-966B-1ABC479AC45D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/199452f22d2f74b897fe826f81ec402b0a8461a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1c7ee23dfcd18d80770d8f90f2ab5bb1b2bfd8a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/33d589ed60ae433b483761987b85e0d24e54584e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a247a84de0ba44edbbd6be851c8a6b2aa60ff85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6ec091c5c7eeabd249a7c46813cad1e9f555f859","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8beebb8ad9a003f978e53b06237986588223e15e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb718a3c8181ada679340db34cd61bce48e44749","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8071500177f38cff38892bd85ac631cc6e010b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71305","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:43.000","lastModified":"2026-06-25T21:04:37.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/display/dp_mst: Add protection against 0 vcpi\n\nWhen releasing a timeslot there is a slight chance we may end up\nwith the wrong payload mask due to overflow if the delayed_destroy_work\nends up coming into play after a DP 2.1 monitor gets disconnected\nwhich causes vcpi to become 0 then we try to make the payload =\n~BIT(vcpi - 1) which is a negative shift. VCPI id should never\nreally be 0 hence skip changing the payload mask if VCPI is 0.\n\nOtherwise it leads to\n<7> [515.287237] xe 0000:03:00.0: [drm:drm_dp_mst_get_port_malloc\n[drm_display_helper]] port ffff888126ce9000 (3)\n<4> [515.287267] -----------[ cut here ]-----------\n<3> [515.287268] UBSAN: shift-out-of-bounds in\n../drivers/gpu/drm/display/drm_dp_mst_topology.c:4575:36\n<3> [515.287271] shift exponent -1 is negative\n<4> [515.287275] CPU: 7 UID: 0 PID: 3108 Comm: kworker/u64:33 Tainted: G\nS U 6.17.0-rc6-lgci-xe-xe-3795-3e79699fa1b216e92+ #1 PREEMPT(voluntary)\n<4> [515.287279] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER\n<4> [515.287279] Hardware name: ASUS System Product Name/PRIME Z790-P\nWIFI, BIOS 1645 03/15/2024\n<4> [515.287281] Workqueue: drm_dp_mst_wq drm_dp_delayed_destroy_work\n[drm_display_helper]\n<4> [515.287303] Call Trace:\n<4> [515.287304] <TASK>\n<4> [515.287306] dump_stack_lvl+0xc1/0xf0\n<4> [515.287313] dump_stack+0x10/0x20\n<4> [515.287316] __ubsan_handle_shift_out_of_bounds+0x133/0x2e0\n<4> [515.287324] ? drm_atomic_get_private_obj_state+0x186/0x1d0\n<4> [515.287333] drm_dp_atomic_release_time_slots.cold+0x17/0x3d\n[drm_display_helper]\n<4> [515.287355] mst_connector_atomic_check+0x159/0x180 [xe]\n<4> [515.287546] drm_atomic_helper_check_modeset+0x4d9/0xfa0\n<4> [515.287550] ? __ww_mutex_lock.constprop.0+0x6f/0x1a60\n<4> [515.287562] intel_atomic_check+0x119/0x2b80 [xe]\n<4> [515.287740] ? find_held_lock+0x31/0x90\n<4> [515.287747] ? lock_release+0xce/0x2a0\n<4> [515.287754] drm_atomic_check_only+0x6a2/0xb40\n<4> [515.287758] ? drm_atomic_add_affected_connectors+0x12b/0x140\n<4> [515.287765] drm_atomic_commit+0x6e/0xf0\n<4> [515.287766] ? _pfx__drm_printfn_info+0x10/0x10\n<4> [515.287774] drm_client_modeset_commit_atomic+0x25c/0x2b0\n<4> [515.287794] drm_client_modeset_commit_locked+0x60/0x1b0\n<4> [515.287795] ? mutex_lock_nested+0x1b/0x30\n<4> [515.287801] drm_client_modeset_commit+0x26/0x50\n<4> [515.287804] __drm_fb_helper_restore_fbdev_mode_unlocked+0xdc/0x110\n<4> [515.287810] drm_fb_helper_hotplug_event+0x120/0x140\n<4> [515.287814] drm_fbdev_client_hotplug+0x28/0xd0\n<4> [515.287819] drm_client_hotplug+0x6c/0xf0\n<4> [515.287824] drm_client_dev_hotplug+0x9e/0xd0\n<4> [515.287829] drm_kms_helper_hotplug_event+0x1a/0x30\n<4> [515.287834] drm_dp_delayed_destroy_work+0x3df/0x410\n[drm_display_helper]\n<4> [515.287861] process_one_work+0x22b/0x6f0\n<4> [515.287874] worker_thread+0x1e8/0x3d0\n<4> [515.287879] ? __pfx_worker_thread+0x10/0x10\n<4> [515.287882] kthread+0x11c/0x250\n<4> [515.287886] ? __pfx_kthread+0x10/0x10\n<4> [515.287890] ret_from_fork+0x2d7/0x310\n<4> [515.287894] ? __pfx_kthread+0x10/0x10\n<4> [515.287897] ret_from_fork_asm+0x1a/0x30"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/display/drm_dp_mst_topology.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4d07b0bc403403438d9cf88450506240c5faf92f","lessThan":"95dbd525efce2a9e9e1c50ad15213de644c85ad0","versionType":"git","status":"affected"},{"version":"4d07b0bc403403438d9cf88450506240c5faf92f","lessThan":"ac9a7c329a5610051fc476644c9b9145a5965ecb","versionType":"git","status":"affected"},{"version":"4d07b0bc403403438d9cf88450506240c5faf92f","lessThan":"3f44cdb5371faf225af37d5caba8f21ec0572469","versionType":"git","status":"affected"},{"version":"4d07b0bc403403438d9cf88450506240c5faf92f","lessThan":"4d2ccdea18b564e3f73e3e543854acea64e6277d","versionType":"git","status":"affected"},{"version":"4d07b0bc403403438d9cf88450506240c5faf92f","lessThan":"d6afc7539ce06dadfa5b4787b3cfe79b95d8f67a","versionType":"git","status":"affected"},{"version":"4d07b0bc403403438d9cf88450506240c5faf92f","lessThan":"342ccffd9f77fc29fe1c05fd145e4d842bd2feaa","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/display/drm_dp_mst_topology.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.165","matchCriteriaId":"96EF3286-5BCE-4D88-B8C9-4292E5BA7A18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16","matchCriteriaId":"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/342ccffd9f77fc29fe1c05fd145e4d842bd2feaa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3f44cdb5371faf225af37d5caba8f21ec0572469","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4d2ccdea18b564e3f73e3e543854acea64e6277d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95dbd525efce2a9e9e1c50ad15213de644c85ad0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ac9a7c329a5610051fc476644c9b9145a5965ecb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6afc7539ce06dadfa5b4787b3cfe79b95d8f67a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71306","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:43.167","lastModified":"2026-06-25T21:04:28.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()\n\nKASAN reported a stack-out-of-bounds access in ima_appraise_measurement\nfrom is_bprm_creds_for_exec:\n\nBUG: KASAN: stack-out-of-bounds in ima_appraise_measurement+0x12dc/0x16a0\n Read of size 1 at addr ffffc9000160f940 by task sudo/550\nThe buggy address belongs to stack of task sudo/550\nand is located at offset 24 in frame:\n  ima_appraise_measurement+0x0/0x16a0\nThis frame has 2 objects:\n  [48, 56) 'file'\n  [80, 148) 'hash'\n\nThis is caused by using container_of on the *file pointer. This offset\ncalculation is what triggers the stack-out-of-bounds error.\n\nIn order to fix this, pass in a bprm_is_check boolean which can be set\ndepending on how process_measurement is called. If the caller has a\nlinux_binprm pointer and the function is BPRM_CHECK we can determine\nis_check and set it then. Otherwise set it to false."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/integrity/ima/ima.h","security/integrity/ima/ima_appraise.c","security/integrity/ima/ima_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"95b3cdafd7cb74414070893445a9b731793f7b55","lessThan":"ab3d16da982a4ebb715d487dbf9dd66e3990d935","versionType":"git","status":"affected"},{"version":"95b3cdafd7cb74414070893445a9b731793f7b55","lessThan":"377cae9851e8559e9d8b82a78c1ac0abeb18839c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/integrity/ima/ima.h","security/integrity/ima/ima_appraise.c","security/integrity/ima/ima_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.19.4","matchCriteriaId":"31092616-0795-4C71-9777-22D46B94263F"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/377cae9851e8559e9d8b82a78c1ac0abeb18839c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab3d16da982a4ebb715d487dbf9dd66e3990d935","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71307","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:43.283","lastModified":"2026-06-25T21:04:21.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix NULL pointer dereference on panthor_fw_unplug\n\nThis patch removes the MCU halt and wait for halt procedures during\npanthor_fw_unplug() as the MCU can be in a variety of states or the FW\nmay not even be loaded/initialized at all, the latter of which can lead\nto a NULL pointer dereference.\n\nIt should be safe on unplug to just disable the MCU without waiting for\nit to halt as it may not be able to."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/panthor/panthor_fw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"51407254986501b19681d55531963f1ea58e89cd","lessThan":"aab8b8a42e206a399fe3a5ed4b4cbb45ff6c546c","versionType":"git","status":"affected"},{"version":"51407254986501b19681d55531963f1ea58e89cd","lessThan":"920c6af98e98e6afedf6318a75bac95af8415c6c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/panthor/panthor_fw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/920c6af98e98e6afedf6318a75bac95af8415c6c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aab8b8a42e206a399fe3a5ed4b4cbb45ff6c546c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71308","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:43.403","lastModified":"2026-06-25T21:04:11.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix potential NULL pointer dereference in context cleanup\n\naie_destroy_context() is invoked during error handling in\naie2_create_context(). However, aie_destroy_context() assumes that the\ncontext's mailbox channel pointer is non-NULL. If mailbox channel\ncreation fails, the pointer remains NULL and calling aie_destroy_context()\ncan lead to a NULL pointer dereference.\n\nIn aie2_create_context(), replace aie_destroy_context() with a function\nwhich request firmware to remove the context created previously."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/accel/amdxdna/aie2_message.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"be462c97b7dfd24999babe39cce3de224ebe1f80","lessThan":"2611c9616cb52d3ed54a6095d72d18e645a6955a","versionType":"git","status":"affected"},{"version":"be462c97b7dfd24999babe39cce3de224ebe1f80","lessThan":"97f27573837ef96b4ba42af463cc800cab615c0e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/accel/amdxdna/aie2_message.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.19.4","matchCriteriaId":"31092616-0795-4C71-9777-22D46B94263F"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2611c9616cb52d3ed54a6095d72d18e645a6955a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/97f27573837ef96b4ba42af463cc800cab615c0e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71309","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:43.517","lastModified":"2026-06-25T21:04:08.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: fix deadlock in ni_read_folio_cmpr\n\nSyzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr).\nThis is caused by a lock inversion deadlock involving the inode mutex\n(ni_lock) and page locks.\n\nScenario:\n1. Task A enters ntfs_read_folio() for page X. It acquires ni_lock.\n2. Task A calls ni_read_folio_cmpr(), which attempts to lock all pages in\n   the compressed frame (including page Y).\n3. Concurrently, Task B (e.g., via readahead) has locked page Y and\n   calls ntfs_read_folio().\n4. Task B waits for ni_lock (held by A).\n5. Task A waits for page Y lock (held by B).\n   -> DEADLOCK.\n\nThe fix is to restructure locking: do not take ni_lock in ntfs_read_folio().\nInstead, acquire ni_lock inside ni_read_folio_cmpr() ONLY AFTER all required\npage locks for the frame have been successfully acquired. This restores the\ncorrect lock ordering (Page Lock -> ni_lock) consistent with VFS.\n\n[almaz.alexandrovich@paragon-software.com: ni_readpage_cmpr was renamed to ni_read_folio_cmpr]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/frecord.c","fs/ntfs3/inode.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f35590ee26f5722bfe12cdff14396c4c057a8f74","lessThan":"cfe246b318106e1691bd6c9466c739e8559d25c2","versionType":"git","status":"affected"},{"version":"f35590ee26f5722bfe12cdff14396c4c057a8f74","lessThan":"e37a75bb866c29da954b51d0dd7670406246d9ee","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/frecord.c","fs/ntfs3/inode.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cfe246b318106e1691bd6c9466c739e8559d25c2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e37a75bb866c29da954b51d0dd7670406246d9ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71311","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:43.627","lastModified":"2026-06-25T21:04:05.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Initialize new folios before use\n\nKMSAN reports an uninitialized value in longest_match_std(), invoked\nfrom ntfs_compress_write(). When new folios are allocated without being\nmarked uptodate and ni_read_frame() is skipped because the caller expects\nthe frame to be completely overwritten, some reserved folios may remain\nonly partially filled, leaving the rest memory uninitialized."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"584f60ba22f79c89e6708ab82a5b5d9b8fa21fb2","lessThan":"dd6c81527d097b3b0bf5a15c2fdc9657d045144c","versionType":"git","status":"affected"},{"version":"584f60ba22f79c89e6708ab82a5b5d9b8fa21fb2","lessThan":"5a30cc03bde169ad558695b26da6ea7e55f6194a","versionType":"git","status":"affected"},{"version":"584f60ba22f79c89e6708ab82a5b5d9b8fa21fb2","lessThan":"41d79f8e2a36622d148719bf7c18b46ac1264284","versionType":"git","status":"affected"},{"version":"584f60ba22f79c89e6708ab82a5b5d9b8fa21fb2","lessThan":"f223ebffa185cc8da934333c5a31ff2d4f992dc9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/41d79f8e2a36622d148719bf7c18b46ac1264284","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a30cc03bde169ad558695b26da6ea7e55f6194a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd6c81527d097b3b0bf5a15c2fdc9657d045144c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f223ebffa185cc8da934333c5a31ff2d4f992dc9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-71312","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:43.763","lastModified":"2026-06-25T21:03:53.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()\n\nIn ntfs_fill_super(), the fc->fs_private pointer is set to NULL without\nfirst freeing the memory it points to. This causes the subsequent call to\nntfs_fs_free() to skip freeing the ntfs_mount_options structure.\n\nThis results in a kmemleak report:\n\n  unreferenced object 0xff1100015378b800 (size 32):\n    comm \"mount\", pid 582, jiffies 4294890685\n    hex dump (first 32 bytes):\n      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n      00 00 00 00 00 00 00 00 ed ff ed ff 00 04 00 00  ................\n    backtrace (crc ed541d8c):\n      __kmalloc_cache_noprof+0x424/0x5a0\n      __ntfs_init_fs_context+0x47/0x590\n      alloc_fs_context+0x5d8/0x960\n      __x64_sys_fsopen+0xb1/0x190\n      do_syscall_64+0x50/0x1f0\n      entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis issue can be reproduced using the following commands:\n        fallocate -l 100M test.file\n        mount test.file /tmp/test\n\nSince sbi->options is duplicated from fc->fs_private and does not\ndirectly use the memory allocated for fs_private, it is unnecessary to\nset fc->fs_private to NULL.\n\nAdditionally, this patch simplifies the code by utilizing the helper\nfunction put_mount_options() instead of open-coding the cleanup logic."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"aee4d5a521e94f658e46c904e08a473daa9c8fc0","lessThan":"dac871d833b09495198dcac81d2ebaa8db11acbc","versionType":"git","status":"affected"},{"version":"aee4d5a521e94f658e46c904e08a473daa9c8fc0","lessThan":"f7edab0cee03a1cbe0e55a7bcab8d2d8b6b74278","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dac871d833b09495198dcac81d2ebaa8db11acbc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f7edab0cee03a1cbe0e55a7bcab8d2d8b6b74278","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45847","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:56.577","lastModified":"2026-06-25T21:03:49.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: remove WARN_ON_ONCE when accessing forward path array\n\nAlthough unlikely, recent support for IPIP tunnels increases chances of\nreaching this WARN_ON_ONCE if userspace manages to build a sufficiently\nlong forward path.\n\nRemove it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ddb94eafab8b597b05904c8277194ea2d6357fa9","lessThan":"548244c2f542aa0ad49453e9306e715a3877bc44","versionType":"git","status":"affected"},{"version":"ddb94eafab8b597b05904c8277194ea2d6357fa9","lessThan":"dcf9b3c90e5560339649d088836529883fb509f3","versionType":"git","status":"affected"},{"version":"ddb94eafab8b597b05904c8277194ea2d6357fa9","lessThan":"9464ca7a6e56ad1ebf48b2ad5c16871edfad10c6","versionType":"git","status":"affected"},{"version":"ddb94eafab8b597b05904c8277194ea2d6357fa9","lessThan":"959ea349c7e2d4edf07b6838ca7e59345fe61a08","versionType":"git","status":"affected"},{"version":"ddb94eafab8b597b05904c8277194ea2d6357fa9","lessThan":"50422613185d505201167e8bdd2f2700790d5db6","versionType":"git","status":"affected"},{"version":"ddb94eafab8b597b05904c8277194ea2d6357fa9","lessThan":"a78d055ba7c31103ad02f8eceb0c452e154d2660","versionType":"git","status":"affected"},{"version":"ddb94eafab8b597b05904c8277194ea2d6357fa9","lessThan":"008e7a7c293b30bc43e4368dac6ea3808b75a572","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/dev.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.15.202","matchCriteriaId":"5A03991A-3AEB-4B4D-987D-1A1007DF71F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/008e7a7c293b30bc43e4368dac6ea3808b75a572","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/50422613185d505201167e8bdd2f2700790d5db6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/548244c2f542aa0ad49453e9306e715a3877bc44","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9464ca7a6e56ad1ebf48b2ad5c16871edfad10c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/959ea349c7e2d4edf07b6838ca7e59345fe61a08","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a78d055ba7c31103ad02f8eceb0c452e154d2660","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dcf9b3c90e5560339649d088836529883fb509f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45848","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:56.700","lastModified":"2026-06-25T21:03:46.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix NULL sock in aa_sock_file_perm\n\nDeal with the potential that sock and sock-sk can be NULL during\nsocket setup or teardown. This could lead to an oops. The fix for NULL\npointer dereference in __unix_needs_revalidation shows this is at\nleast possible for af_unix sockets. While the fix for af_unix sockets\napplies for newer mediation this is still the fall back path for older\naf_unix mediation and other sockets, so ensure it is covered."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/apparmor/net.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"68538ec34fcb4194c7961dc4eca6f5537fec8067","versionType":"git","status":"affected"},{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"5121b7283f1c46e4c06b88b1dda7b064429d77de","versionType":"git","status":"affected"},{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"c11b7c3280d000376e27ebfed17ec7046699eab4","versionType":"git","status":"affected"},{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"0dc19bca22606f7a61d5988408f74e3ae0ef3486","versionType":"git","status":"affected"},{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"3852eb9a0392eb435c03dcb47d581bcfe6a9a95b","versionType":"git","status":"affected"},{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"ccb66a3c6c8f51b3ed1bc003b70bb9ff99e8d835","versionType":"git","status":"affected"},{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"8a0ededbfcff74598f82f1d4b8ef9db28878b317","versionType":"git","status":"affected"},{"version":"56974a6fcfef69ee0825bd66ed13e92070ac5224","lessThan":"00b67657535dfea56e84d11492f5c0f61d0af297","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/apparmor/net.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.10.252","matchCriteriaId":"AF5B1FA4-F352-4440-AD34-3CAF12D36F50"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/00b67657535dfea56e84d11492f5c0f61d0af297","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0dc19bca22606f7a61d5988408f74e3ae0ef3486","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3852eb9a0392eb435c03dcb47d581bcfe6a9a95b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5121b7283f1c46e4c06b88b1dda7b064429d77de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68538ec34fcb4194c7961dc4eca6f5537fec8067","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8a0ededbfcff74598f82f1d4b8ef9db28878b317","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c11b7c3280d000376e27ebfed17ec7046699eab4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ccb66a3c6c8f51b3ed1bc003b70bb9ff99e8d835","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45849","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:56.850","lastModified":"2026-06-25T21:03:35.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()\n\nocelot_port_xmit_inj() calls ocelot_can_inject() and\nocelot_port_inject_frame() without holding the injection group lock.\nBoth functions contain lockdep_assert_held() for the injection lock,\nand the correct caller felix_port_deferred_xmit() properly acquires\nthe lock using ocelot_lock_inj_grp() before calling these functions.\n\nAdd ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register\ninjection path to fix the missing lock protection. The FDMA path is not\naffected as it uses its own locking mechanism."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/mscc/ocelot_net.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"960ec92774e152b677ccd0006abcab7b9dd814c2","lessThan":"0b217a40156f497e09dd20d3f7baec40c785f386","versionType":"git","status":"affected"},{"version":"e83b49ecb569c9c5fa7cc30e55cf2c15f71f9f39","lessThan":"cc1b179f778f98270bdbbb48d183b4b6427ae198","versionType":"git","status":"affected"},{"version":"c5e12ac3beb0dd3a718296b2d8af5528e9ab728e","lessThan":"7ac58d8832802ec89baa7539e13e6d58a88cce04","versionType":"git","status":"affected"},{"version":"c5e12ac3beb0dd3a718296b2d8af5528e9ab728e","lessThan":"51c32ae7fae14552d79f7139614b77c1bbd57a48","versionType":"git","status":"affected"},{"version":"c5e12ac3beb0dd3a718296b2d8af5528e9ab728e","lessThan":"63da961381e0d979459dede713001f8452364477","versionType":"git","status":"affected"},{"version":"c5e12ac3beb0dd3a718296b2d8af5528e9ab728e","lessThan":"026f6513c5880c2c89e38ad66bbec2868f978605","versionType":"git","status":"affected"},{"version":"609cd73bf38bbd48f1e695e01802114b01aa8811","versionType":"git","status":"affected"},{"version":"6.1.107","lessThan":"6.1.165","versionType":"semver","status":"affected"},{"version":"6.6.48","lessThan":"6.6.128","versionType":"semver","status":"affected"},{"version":"6.10.7","lessThan":"6.11","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/mscc/ocelot_net.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.107","versionEndExcluding":"6.1.165","matchCriteriaId":"C701106A-D272-47C9-AD8C-9A2784DF8E19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.48","versionEndExcluding":"6.6.128","matchCriteriaId":"5639C7BA-8365-4A4E-A051-DCA6511C0244"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.7","versionEndExcluding":"6.11","matchCriteriaId":"48B1FCEA-70A6-45BD-A39B-9184638703FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11.1","versionEndExcluding":"6.12.75","matchCriteriaId":"1C462C6C-BC40-4018-A8C4-C32BDE9791C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:-:*:*:*:*:*:*","matchCriteriaId":"4770BA57-3F3F-493B-8608-EC3B25254949"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*","matchCriteriaId":"B8383ABF-1457-401F-9B61-EE50F4C61F4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*","matchCriteriaId":"B77A9280-37E6-49AD-B559-5B23A3B1DC3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*","matchCriteriaId":"DE5298B3-04B4-4F3E-B186-01A58B5C75A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/026f6513c5880c2c89e38ad66bbec2868f978605","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0b217a40156f497e09dd20d3f7baec40c785f386","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/51c32ae7fae14552d79f7139614b77c1bbd57a48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/63da961381e0d979459dede713001f8452364477","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ac58d8832802ec89baa7539e13e6d58a88cce04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc1b179f778f98270bdbbb48d183b4b6427ae198","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45850","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:56.970","lastModified":"2026-06-25T21:03:27.063","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: skip ipv6 extension headers for csum checks\n\nProtocol checksum validation fails for IPv6 if there are extension\nheaders before the protocol header. iph->len already contains its\noffset, so use it to fix the problem."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/ipvs/ip_vs_proto_sctp.c","net/netfilter/ipvs/ip_vs_proto_tcp.c","net/netfilter/ipvs/ip_vs_proto_udp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"0bf92a90bf05ecafe52e92d5bc15a585021a64ac","versionType":"git","status":"affected"},{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"54add3b7d3c154ca89ef5bac2582b0ed1a3a15d5","versionType":"git","status":"affected"},{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"768f665f3685b455ed686370ed7ccb852a125a3b","versionType":"git","status":"affected"},{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"9aa7edc1347b98774e5167ca34e5b8aa6083bde7","versionType":"git","status":"affected"},{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"d643c1ec80b70508f54dac12179e36920e2c00de","versionType":"git","status":"affected"},{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"cdce1e797addab72393c0dfee31aaca41ef7d937","versionType":"git","status":"affected"},{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"a3ca27762ce8476b4fbf9b2a8f5cb74c38e483e4","versionType":"git","status":"affected"},{"version":"0bbdd42b7efa66685b6d74701bcde3a596a3a59d","lessThan":"05cfe9863ef049d98141dc2969eefde72fb07625","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/ipvs/ip_vs_proto_sctp.c","net/netfilter/ipvs/ip_vs_proto_tcp.c","net/netfilter/ipvs/ip_vs_proto_udp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.28","status":"affected"},{"version":"0","lessThan":"2.6.28","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.10.259","matchCriteriaId":"5328D507-47BD-4272-A132-AF70B66CE883"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05cfe9863ef049d98141dc2969eefde72fb07625","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0bf92a90bf05ecafe52e92d5bc15a585021a64ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/54add3b7d3c154ca89ef5bac2582b0ed1a3a15d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/768f665f3685b455ed686370ed7ccb852a125a3b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9aa7edc1347b98774e5167ca34e5b8aa6083bde7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a3ca27762ce8476b4fbf9b2a8f5cb74c38e483e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cdce1e797addab72393c0dfee31aaca41ef7d937","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d643c1ec80b70508f54dac12179e36920e2c00de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45851","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.077","lastModified":"2026-06-25T21:08:29.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Fix reservation of unaccepted memory table\n\nThe reserve_unaccepted() function incorrectly calculates the size of the\nmemblock reservation for the unaccepted memory table. It aligns the\nsize of the table, but fails to account for cases where the table's\nstarting physical address (efi.unaccepted) is not page-aligned.\n\nIf the table starts at an offset within a page and its end crosses into\na subsequent page that the aligned size does not cover, the end of the\ntable will not be reserved. This can lead to the table being overwritten\nor inaccessible, causing a kernel panic in accept_memory().\n\nThis issue was observed when starting Intel TDX VMs with specific memory\nsizes (e.g., > 64GB).\n\nFix this by calculating the end address first (including the unaligned\nstart) and then aligning it up, ensuring the entire range is covered\nby the reservation."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/firmware/efi/efi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8dbe33956d96c9d066ef15ca933ede30748198b2","lessThan":"b7bc182ec1846be437351e44164089d988f9d0dd","versionType":"git","status":"affected"},{"version":"8dbe33956d96c9d066ef15ca933ede30748198b2","lessThan":"ba6b6f1502fa55621d1db23f253d54322bdbe4e0","versionType":"git","status":"affected"},{"version":"8dbe33956d96c9d066ef15ca933ede30748198b2","lessThan":"9b18bf59977f5c5bc3b11b210520f62500a7adf3","versionType":"git","status":"affected"},{"version":"8dbe33956d96c9d066ef15ca933ede30748198b2","lessThan":"e649b5916725c68f44ebf45fb396df563c5dbaf2","versionType":"git","status":"affected"},{"version":"8dbe33956d96c9d066ef15ca933ede30748198b2","lessThan":"0862438c90487e79822d5647f854977d50381505","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/firmware/efi/efi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.1","versionEndExcluding":"6.6.128","matchCriteriaId":"03D115D1-33A5-4C44-99A1-9351F2D9ACE7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:-:*:*:*:*:*:*","matchCriteriaId":"E346B162-D566-4E62-ABDE-ECBFB21B8BFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*","matchCriteriaId":"0DC421F1-3D5A-4BEF-BF76-4E468985D20B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*","matchCriteriaId":"00AB783B-BE05-40E8-9A55-6AA457D95031"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*","matchCriteriaId":"E7C78D0A-C4A2-4D41-B726-8979E33AD0F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc6:*:*:*:*:*:*","matchCriteriaId":"E114E9DD-F7E1-40CC-AAD5-F14E586CB2E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.6:rc7:*:*:*:*:*:*","matchCriteriaId":"DC5BD782-474C-4A68-AED7-6EC818FF89AE"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0862438c90487e79822d5647f854977d50381505","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9b18bf59977f5c5bc3b11b210520f62500a7adf3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7bc182ec1846be437351e44164089d988f9d0dd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba6b6f1502fa55621d1db23f253d54322bdbe4e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e649b5916725c68f44ebf45fb396df563c5dbaf2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45853","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.330","lastModified":"2026-06-25T21:08:17.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges()\n\namdgpu_discovery_get_nps_info() internally allocates memory for ranges\nusing kvcalloc(), which may use vmalloc() for large allocation. Using\nkfree() to release vmalloc memory will lead to a memory corruption.\n\nUse kvfree() to safely handle both kmalloc and vmalloc allocations.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b194d21b9bcc15b50df1bc3ff7428e51c2918a6f","lessThan":"16e7e7ad8cdc6b4c4af7f31e262f1494c1b2a55e","versionType":"git","status":"affected"},{"version":"b194d21b9bcc15b50df1bc3ff7428e51c2918a6f","lessThan":"9ae85b0c1909b6c6bfd2636b04cdaf7f520bf2b5","versionType":"git","status":"affected"},{"version":"b194d21b9bcc15b50df1bc3ff7428e51c2918a6f","lessThan":"f441538893eba6347b983f2904819ca6c99da65e","versionType":"git","status":"affected"},{"version":"b194d21b9bcc15b50df1bc3ff7428e51c2918a6f","lessThan":"0c44d61945c4a80775292d96460aa2f22e62f86c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c44d61945c4a80775292d96460aa2f22e62f86c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/16e7e7ad8cdc6b4c4af7f31e262f1494c1b2a55e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ae85b0c1909b6c6bfd2636b04cdaf7f520bf2b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f441538893eba6347b983f2904819ca6c99da65e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45854","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.437","lastModified":"2026-06-25T21:08:07.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: inside-secure/eip93 - unregister only available algorithm\n\nEIP93 has an options register. This register indicates which crypto\nalgorithms are implemented in silicon. Supported algorithms are\nregistered on this basis. Unregister algorithms on the same basis.\nCurrently, all algorithms are unregistered, even those not supported\nby HW. This results in panic on platforms that don't have all options\nimplemented in silicon."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/inside-secure/eip93/eip93-main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"243d642ff5809811208fa1707b7ab8a6ab4b1d68","versionType":"git","status":"affected"},{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"4c1c5a1d720fdacea060e106c7dd79417243d121","versionType":"git","status":"affected"},{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"0ceeadc7b53a041d89d5843f6bf0ccb7c98b0b4f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/inside-secure/eip93/eip93-main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.14","matchCriteriaId":"4CC7C285-4CAC-4ED0-BEF1-D65CD5BA4AD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ceeadc7b53a041d89d5843f6bf0ccb7c98b0b4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/243d642ff5809811208fa1707b7ab8a6ab4b1d68","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c1c5a1d720fdacea060e106c7dd79417243d121","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45855","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.543","lastModified":"2026-06-25T21:08:02.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-scsi: avoid Non-NCQ command starvation\n\nWhen a non-NCQ command is issued while NCQ commands are being executed,\nata_scsi_qc_issue() indicates to the SCSI layer that the command issuing\nshould be deferred by returning SCSI_MLQUEUE_XXX_BUSY.  This command\ndeferring is correct and as mandated by the ACS specifications since\nNCQ and non-NCQ commands cannot be mixed.\n\nHowever, in the case of a host adapter using multiple submission queues,\nwhen the target device is under a constant load of NCQ commands, there\nare no guarantees that requeueing the non-NCQ command will be executed\nlater and it may be deferred again repeatedly as other submission queues\ncan constantly issue NCQ commands from different CPUs ahead of the\nnon-NCQ command. This can lead to very long delays for the execution of\nnon-NCQ commands, and even complete starvation for these commands in the\nworst case scenario.\n\nSince the block layer and the SCSI layer do not distinguish between\nqueueable (NCQ) and non queueable (non-NCQ) commands, libata-scsi SAT\nimplementation must ensure forward progress for non-NCQ commands in the\npresence of NCQ command traffic. This is similar to what SAS HBAs with a\nhardware/firmware based SAT implementation do.\n\nImplement such forward progress guarantee by limiting requeueing of\nnon-NCQ commands from ata_scsi_qc_issue(): when a non-NCQ command is\nreceived and NCQ commands are in-flight, do not force a requeue of the\nnon-NCQ command by returning SCSI_MLQUEUE_XXX_BUSY and instead return 0\nto indicate that the command was accepted but hold on to the qc using\nthe new deferred_qc field of struct ata_port.\n\nThis deferred qc will be issued using the work item deferred_qc_work\nrunning the function ata_scsi_deferred_qc_work() once all in-flight\ncommands complete, which is checked with the port qc_defer() callback\nreturn value indicating that no further delay is necessary. This check\nis done using the helper function ata_scsi_schedule_deferred_qc() which\nis called from ata_scsi_qc_complete(). This thus excludes this mechanism\nfrom all internal non-NCQ commands issued by ATA EH.\n\nWhen a port deferred_qc is non NULL, that is, the port has a command\nwaiting for the device queue to drain, the issuing of all incoming\ncommands (both NCQ and non-NCQ) is deferred using the regular busy\nmechanism. This simplifies the code and also avoids potential denial of\nservice problems if a user issues too many non-NCQ commands.\n\nFinally, whenever ata EH is scheduled, regardless of the reason, a\ndeferred qc is always requeued so that it can be retried once EH\ncompletes. This is done by calling the function\nata_scsi_requeue_deferred_qc() from ata_eh_set_pending(). This avoids\nthe need for any special processing for the deferred qc in case of NCQ\nerror, link or device reset, or device timeout."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/ata/libata-core.c","drivers/ata/libata-eh.c","drivers/ata/libata-scsi.c","drivers/ata/libata.h","include/linux/libata.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"bdb01301f3ea51a59eff252b06643fc1fe843e57","lessThan":"ce22aaed011206fed9cbd8c9c2d44718607f31ee","versionType":"git","status":"affected"},{"version":"bdb01301f3ea51a59eff252b06643fc1fe843e57","lessThan":"888cd7e40adb2ef4af1b4d3b6e2e83ad409ae8c2","versionType":"git","status":"affected"},{"version":"bdb01301f3ea51a59eff252b06643fc1fe843e57","lessThan":"5d61a38a60e62750526d94663b69b7ac5c7f07a5","versionType":"git","status":"affected"},{"version":"bdb01301f3ea51a59eff252b06643fc1fe843e57","lessThan":"0ea84089dbf62a92dc7889c79e6b18fc89260808","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/ata/libata-core.c","drivers/ata/libata-eh.c","drivers/ata/libata-scsi.c","drivers/ata/libata.h","include/linux/libata.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"6.12.77","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.12.77","matchCriteriaId":"AEC23CCE-25B4-40EB-9392-EE081C6579FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ea84089dbf62a92dc7889c79e6b18fc89260808","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d61a38a60e62750526d94663b69b7ac5c7f07a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/888cd7e40adb2ef4af1b4d3b6e2e83ad409ae8c2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce22aaed011206fed9cbd8c9c2d44718607f31ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45856","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.670","lastModified":"2026-06-25T21:07:52.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send\n\nib_uverbs_post_send() uses cmd.wqe_size from userspace without any\nvalidation before passing it to kmalloc() and using the allocated\nbuffer as struct ib_uverbs_send_wr.\n\nIf a user provides a small wqe_size value (e.g., 1), kmalloc() will\nsucceed, but subsequent accesses to user_wr->opcode, user_wr->num_sge,\nand other fields will read beyond the allocated buffer, resulting in\nan out-of-bounds read from kernel heap memory. This could potentially\nleak sensitive kernel information to userspace.\n\nAdditionally, providing an excessively large wqe_size can trigger a\nWARNING in the memory allocation path, as reported by syzkaller.\n\nThis is inconsistent with ib_uverbs_unmarshall_recv() which properly\nvalidates that wqe_size >= sizeof(struct ib_uverbs_recv_wr) before\nproceeding.\n\nAdd the same validation for ib_uverbs_post_send() to ensure wqe_size\nis at least sizeof(struct ib_uverbs_send_wr)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/core/uverbs_cmd.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"9c15ec4cd4e7f57c6bbcb4e73e99290f150dd2a7","versionType":"git","status":"affected"},{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"9b5ac1c15334d46c0dbd49d64a2257b929500163","versionType":"git","status":"affected"},{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"01c9b152647dc70dc06a4a2eff86ebb3b3c76075","versionType":"git","status":"affected"},{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"bf1feed1a7886af945f92890493aefd2b5c9928a","versionType":"git","status":"affected"},{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"d533425ac1f2925b4fc3e4ed9b9d72362cb23475","versionType":"git","status":"affected"},{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"bf4454da8b1e712714628c0a0d6e7845bb40790a","versionType":"git","status":"affected"},{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"bef70ff9841990658610512b4a18e4a88c9b4df6","versionType":"git","status":"affected"},{"version":"c3bea3d2dc5358e05541527283279102383b0231","lessThan":"1956f0a74ccf5dc9c3ef717f2985c3ed3400aab0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/core/uverbs_cmd.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.252","matchCriteriaId":"F45A0304-7DE9-4919-BB1E-86B2467051B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01c9b152647dc70dc06a4a2eff86ebb3b3c76075","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1956f0a74ccf5dc9c3ef717f2985c3ed3400aab0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9b5ac1c15334d46c0dbd49d64a2257b929500163","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c15ec4cd4e7f57c6bbcb4e73e99290f150dd2a7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bef70ff9841990658610512b4a18e4a88c9b4df6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf1feed1a7886af945f92890493aefd2b5c9928a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf4454da8b1e712714628c0a0d6e7845bb40790a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d533425ac1f2925b4fc3e4ed9b9d72362cb23475","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45857","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.793","lastModified":"2026-06-25T21:07:45.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: csiostor: Fix dereference of null pointer rn\n\nThe error exit path when rn is NULL ends up deferencing the null pointer rn\nvia the use of the macro CSIO_INC_STATS. Fix this by adding a new error\nreturn path label after the use of the macro to avoid the deference."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/scsi/csiostor/csio_scsi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"16ccbfddcb32365138c806cf572e69b42a193c5c","versionType":"git","status":"affected"},{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"44ef9f81392de885883f73b9f5c43936a82ae9d7","versionType":"git","status":"affected"},{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"526ea3c0ccd495b0079db3e28fdddd51c1bf01f7","versionType":"git","status":"affected"},{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"25d623f0d77c11a256a54e860d00c239aa9a2583","versionType":"git","status":"affected"},{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"6037124dbf675fbd0a6248aaf04cf07387b8c323","versionType":"git","status":"affected"},{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"25ab5e97d3c5f3ed594b4a65d1cc99dc24756681","versionType":"git","status":"affected"},{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"3bbbab7b6949c76df64210348adbefedaabbf549","versionType":"git","status":"affected"},{"version":"a3667aaed5698b84bad2f1b3f71adc86499f4bc6","lessThan":"1982257570b84dc33753d536dd969fd357a014e9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/scsi/csiostor/csio_scsi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.252","matchCriteriaId":"CE2AB37C-C2C6-4954-AFEA-F00F19979D69"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/16ccbfddcb32365138c806cf572e69b42a193c5c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1982257570b84dc33753d536dd969fd357a014e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/25ab5e97d3c5f3ed594b4a65d1cc99dc24756681","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/25d623f0d77c11a256a54e860d00c239aa9a2583","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3bbbab7b6949c76df64210348adbefedaabbf549","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/44ef9f81392de885883f73b9f5c43936a82ae9d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/526ea3c0ccd495b0079db3e28fdddd51c1bf01f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6037124dbf675fbd0a6248aaf04cf07387b8c323","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45858","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:57.943","lastModified":"2026-06-25T21:07:42.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1\n\nWhen allocating initialized blocks from a large unwritten extent, or\nwhen splitting an unwritten extent during end I/O and converting it to\ninitialized, there is currently a potential issue of stale data if the\nextent needs to be split in the middle.\n\n       0  A      B  N\n       [UUUUUUUUUUUU]    U: unwritten extent\n       [--DDDDDDDD--]    D: valid data\n          |<-  ->| ----> this range needs to be initialized\n\next4_split_extent() first try to split this extent at B with\nEXT4_EXT_DATA_ENTIRE_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but\next4_split_extent_at() failed to split this extent due to temporary lack\nof space. It zeroout B to N and mark the entire extent from 0 to N\nas written.\n\n       0  A      B  N\n       [WWWWWWWWWWWW]    W: written extent\n       [SSDDDDDDDDZZ]    Z: zeroed, S: stale data\n\next4_split_extent() then try to split this extent at A with\nEXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and left\na stale written extent from 0 to A.\n\n       0  A      B   N\n       [WW|WWWWWWWWWW]\n       [SS|DDDDDDDDZZ]\n\nFix this by pass EXT4_EXT_DATA_PARTIAL_VALID1 to ext4_split_extent_at()\nwhen splitting at B, don't convert the entire extent to written and left\nit as unwritten after zeroing out B to N. The remaining work is just\nlike the standard two-part split. ext4_split_extent() will pass the\nEXT4_EXT_DATA_VALID2 flag when it calls ext4_split_extent_at() for the\nsecond time, allowing it to properly handle the split. If the split is\nsuccessful, it will keep extent from 0 to A as unwritten."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"dee1f973ca341c266229faa5a1a5bb268bed3531","lessThan":"58ddae5d77b1db3a27b891c75a8fa120239ac092","versionType":"git","status":"affected"},{"version":"dee1f973ca341c266229faa5a1a5bb268bed3531","lessThan":"d17857b4fb9ba5745b59be0ef38fd532991fccbf","versionType":"git","status":"affected"},{"version":"dee1f973ca341c266229faa5a1a5bb268bed3531","lessThan":"d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88","versionType":"git","status":"affected"},{"version":"dee1f973ca341c266229faa5a1a5bb268bed3531","lessThan":"7015fcf473796e1d2d876f241bd9e0c36f3d4eef","versionType":"git","status":"affected"},{"version":"dee1f973ca341c266229faa5a1a5bb268bed3531","lessThan":"1bf6974822d1dba86cf11b5f05498581cf3488a2","versionType":"git","status":"affected"},{"version":"814a7833df19e1de7447f870ae890adb12561627","versionType":"git","status":"affected"},{"version":"4319fd00002630a761fa5559a086f11ed7623006","versionType":"git","status":"affected"},{"version":"e28b27be06c5e6a5236c0c0b370ca0768ab086bb","versionType":"git","status":"affected"},{"version":"3.2.33","lessThan":"3.3","versionType":"semver","status":"affected"},{"version":"3.4.16","lessThan":"3.5","versionType":"semver","status":"affected"},{"version":"3.6.4","lessThan":"3.7","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.7","status":"affected"},{"version":"0","lessThan":"3.7","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.33","versionEndExcluding":"3.3","matchCriteriaId":"7D40089F-A4F4-4C94-BBAC-C43535AF4868"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.16","versionEndExcluding":"3.5","matchCriteriaId":"02D1330D-36B9-4D58-A75D-C4C610B42844"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.4","versionEndExcluding":"3.7","matchCriteriaId":"3CA6A762-728F-4F89-A986-666FDB6D3B20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.1","versionEndExcluding":"6.6.130","matchCriteriaId":"8968D97D-D419-413C-8EA4-8BCFBB3F6C90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.7:-:*:*:*:*:*:*","matchCriteriaId":"F482CC77-4452-423A-8A57-523E1AEA1087"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.7:rc3:*:*:*:*:*:*","matchCriteriaId":"1757AD11-8AD5-46C7-A5A8-2B788F15C0DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.7:rc4:*:*:*:*:*:*","matchCriteriaId":"1B38B2A5-9033-4960-AA1D-EAB51A006451"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.7:rc5:*:*:*:*:*:*","matchCriteriaId":"A2BA8BA4-4EDA-487C-BD59-1EB8AA4E3712"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.7:rc6:*:*:*:*:*:*","matchCriteriaId":"5C9FE33D-0449-4819-85D9-F63D0D1B9DDA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.7:rc7:*:*:*:*:*:*","matchCriteriaId":"1DE42C53-831C-4F53-A8F6-386BC02B806A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.7:rc8:*:*:*:*:*:*","matchCriteriaId":"A2691362-ECBE-4871-8533-EC32418EB525"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1bf6974822d1dba86cf11b5f05498581cf3488a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/58ddae5d77b1db3a27b891c75a8fa120239ac092","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7015fcf473796e1d2d876f241bd9e0c36f3d4eef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d17857b4fb9ba5745b59be0ef38fd532991fccbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45859","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.060","lastModified":"2026-06-25T21:07:39.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation\n\nUlrich reports a regression with nfqueue:\n\nIf an application did not set the 'F_GSO' capability flag and a gso\npacket with an unconfirmed nf_conn entry is received all packets are\nnow dropped instead of queued, because the check happens after\nskb_gso_segment().  In that case, we did have exclusive ownership\nof the skb and its associated conntrack entry.  The elevated use\ncount is due to skb_clone happening via skb_gso_segment().\n\nMove the check so that its peformed vs. the aggregated packet.\n\nThen, annotate the individual segments except the first one so we\ncan do a 2nd check at reinject time.\n\nFor the normal case, where userspace does in-order reinjects, this avoids\npacket drops: first reinjected segment continues traversal and confirms\nentry, remaining segments observe the confirmed entry.\n\nWhile at it, simplify nf_ct_drop_unconfirmed(): We only care about\nunconfirmed entries with a refcnt > 1, there is no need to special-case\ndying entries.\n\nThis only happens with UDP.  With TCP, the only unconfirmed packet will\nbe the TCP SYN, those aren't aggregated by GRO.\n\nNext patch adds a udpgro test case to cover this scenario."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/netfilter/nf_queue.h","net/netfilter/nfnetlink_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb","lessThan":"79b713ef4261a8ead96af4703f89d0b5f25532e2","versionType":"git","status":"affected"},{"version":"7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb","lessThan":"23901aa6b8a2f294c4b774436b4691f3ff863a8f","versionType":"git","status":"affected"},{"version":"7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb","lessThan":"b740e7ddd7ca0dbfeafca3f5e52717206cf28524","versionType":"git","status":"affected"},{"version":"7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb","lessThan":"207b3ebacb6113acaaec0d171d5307032c690004","versionType":"git","status":"affected"},{"version":"6c4a0ba674f410ab99a30a16f32dac0ebfed5cd3","versionType":"git","status":"affected"},{"version":"6dcc8ba8a6074bb79040f502dc66ad23a58a1c86","versionType":"git","status":"affected"},{"version":"74e6eb7fd27ef1ccc68041dbc66e6d80d2e4a1a0","versionType":"git","status":"affected"},{"version":"025b3326c5c409b372d0103ad30f174e55adbd1b","versionType":"git","status":"affected"},{"version":"5.15.166","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"6.1.107","lessThan":"6.2","versionType":"semver","status":"affected"},{"version":"6.6.48","lessThan":"6.7","versionType":"semver","status":"affected"},{"version":"6.10.7","lessThan":"6.11","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/netfilter/nf_queue.h","net/netfilter/nfnetlink_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.166","versionEndExcluding":"5.16","matchCriteriaId":"1A731D98-0099-445F-8630-635D92F0D901"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.107","versionEndExcluding":"6.2","matchCriteriaId":"8A1E4A4D-E736-4034-B734-953CD5D22F1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.48","versionEndExcluding":"6.7","matchCriteriaId":"72C40D03-D807-412F-8A03-2556A2D70DC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.7","versionEndExcluding":"6.11","matchCriteriaId":"48B1FCEA-70A6-45BD-A39B-9184638703FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11.1","versionEndExcluding":"6.12.75","matchCriteriaId":"1C462C6C-BC40-4018-A8C4-C32BDE9791C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:-:*:*:*:*:*:*","matchCriteriaId":"4770BA57-3F3F-493B-8608-EC3B25254949"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*","matchCriteriaId":"39889A68-6D34-47A6-82FC-CD0BF23D6754"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*","matchCriteriaId":"B8383ABF-1457-401F-9B61-EE50F4C61F4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*","matchCriteriaId":"B77A9280-37E6-49AD-B559-5B23A3B1DC3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*","matchCriteriaId":"DE5298B3-04B4-4F3E-B186-01A58B5C75A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/207b3ebacb6113acaaec0d171d5307032c690004","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/23901aa6b8a2f294c4b774436b4691f3ff863a8f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/79b713ef4261a8ead96af4703f89d0b5f25532e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b740e7ddd7ca0dbfeafca3f5e52717206cf28524","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45860","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.187","lastModified":"2026-06-25T21:07:36.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conncount: increase the connection clean up limit to 64\n\nAfter the optimization to only perform one GC per jiffy, a new problem\nwas introduced. If more than 8 new connections are tracked per jiffy the\nlist won't be cleaned up fast enough possibly reaching the limit\nwrongly.\n\nIn order to prevent this issue, only skip the GC if it was already\ntriggered during the same jiffy and the increment is lower than the\nclean up limit. In addition, increase the clean up limit to 64\nconnections to avoid triggering GC too often and do more effective GCs.\n\nThis has been tested using a HTTP server and several\nperformance tools while having nft_connlimit/xt_connlimit or OVS limit\nconfigured.\n\nOutput of slowhttptest + OVS limit at 52000 connections:\n\n slow HTTP test status on 340th second:\n initializing:        0\n pending:             432\n connected:           51998\n error:               0\n closed:              0\n service available:   YES"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/netfilter/nf_conntrack_count.h","net/netfilter/nf_conncount.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f106694733c66a48740c25bc4e212e9b2ea364ce","lessThan":"a5c9e14e0e8923218ae881d5e78c990c07694966","versionType":"git","status":"affected"},{"version":"be69850b461e7b491d87a22e33ab76fdd04b725e","lessThan":"13eede458fdf231f1bf96a398feea4ad1553f14c","versionType":"git","status":"affected"},{"version":"d265929930e2ffafc744c0ae05fb70acd53be1ee","lessThan":"fa85432d58c8e74b39333edbf8d28df2985dfc79","versionType":"git","status":"affected"},{"version":"d265929930e2ffafc744c0ae05fb70acd53be1ee","lessThan":"0792ad077d776c2dcf20f0484e2461ded1b77a24","versionType":"git","status":"affected"},{"version":"d265929930e2ffafc744c0ae05fb70acd53be1ee","lessThan":"3d0994ed0aa1fc0a2c5e620b765e8defdd021bff","versionType":"git","status":"affected"},{"version":"d265929930e2ffafc744c0ae05fb70acd53be1ee","lessThan":"6e5fa7add3e76da068a478d905be64be8fa4e80a","versionType":"git","status":"affected"},{"version":"d265929930e2ffafc744c0ae05fb70acd53be1ee","lessThan":"0af0812baf2d363176c9b76fc07e33f13aede8db","versionType":"git","status":"affected"},{"version":"d265929930e2ffafc744c0ae05fb70acd53be1ee","lessThan":"21d033e472735ecec677f1ae46d6740b5e47a4f3","versionType":"git","status":"affected"},{"version":"5.10.248","lessThan":"5.10.252","versionType":"semver","status":"affected"},{"version":"5.15.198","lessThan":"5.15.202","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/netfilter/nf_conntrack_count.h","net/netfilter/nf_conncount.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.248","versionEndExcluding":"5.10.252","matchCriteriaId":"0FF383F2-E238-49E9-870A-004DCE6EC4EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.198","versionEndExcluding":"5.15.202","matchCriteriaId":"3E8A14C6-5AE2-428C-8575-4BA8348BC6C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.165","matchCriteriaId":"3DD2C202-0D8D-4C7D-A980-CFCF610F7707"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0792ad077d776c2dcf20f0484e2461ded1b77a24","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0af0812baf2d363176c9b76fc07e33f13aede8db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/13eede458fdf231f1bf96a398feea4ad1553f14c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/21d033e472735ecec677f1ae46d6740b5e47a4f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d0994ed0aa1fc0a2c5e620b765e8defdd021bff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e5fa7add3e76da068a478d905be64be8fa4e80a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5c9e14e0e8923218ae881d5e78c990c07694966","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa85432d58c8e74b39333edbf8d28df2985dfc79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45861","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.323","lastModified":"2026-06-25T21:07:33.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix slab-use-after-free in qd_put\n\nCommit a475c5dd16e5 (\"gfs2: Free quota data objects synchronously\")\nstarted freeing quota data objects during filesystem shutdown instead of\nputting them back onto the LRU list, but it failed to remove these\nobjects from the LRU list, causing LRU list corruption.  This caused\nuse-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access\nalready-freed objects on the LRU list.\n\nFix this by removing qd objects from the LRU list before freeing them in\nqd_put().\n\nInitial fix from Deepanshu Kartikey <kartikey406@gmail.com>."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/gfs2/quota.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a475c5dd16e57c570113eccba51955b5df8bb052","lessThan":"ca7c67bdd293089b3483f18886d6b2d0037d2ad9","versionType":"git","status":"affected"},{"version":"a475c5dd16e57c570113eccba51955b5df8bb052","lessThan":"1d47922b98046b8070a77347fb883a6523792803","versionType":"git","status":"affected"},{"version":"a475c5dd16e57c570113eccba51955b5df8bb052","lessThan":"80fff26d7a0c3926b511661c27eecc811a420eef","versionType":"git","status":"affected"},{"version":"a475c5dd16e57c570113eccba51955b5df8bb052","lessThan":"22150a7d401d9e9169b9b68e05bed95f7f49bf69","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/gfs2/quota.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.12.75","matchCriteriaId":"3565FA4C-FE3A-4308-A770-170A37E6B6CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1d47922b98046b8070a77347fb883a6523792803","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/22150a7d401d9e9169b9b68e05bed95f7f49bf69","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80fff26d7a0c3926b511661c27eecc811a420eef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca7c67bdd293089b3483f18886d6b2d0037d2ad9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45862","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.430","lastModified":"2026-06-25T21:07:19.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Flush cache for PASID table before using it\n\nWhen writing the address of a freshly allocated zero-initialized PASID\ntable to a PASID directory entry, do that after the CPU cache flush for\nthis PASID table, not before it, to avoid the time window when this\nPASID table may be already used by non-coherent IOMMU hardware while\nits contents in RAM is still some random old data, not zero-initialized."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iommu/intel/pasid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7e00b52c8cdd9d3a985d63d72ecae7bde6314883","lessThan":"cd75e77125c8a51754ca4cd60b4ca083ed735d1d","versionType":"git","status":"affected"},{"version":"5c65f097124770c3e5b9b83ed1a8b68c119bc7b5","lessThan":"0616137b70e6d9a547d4b60df8e1b64e36d83661","versionType":"git","status":"affected"},{"version":"2bed9455db7cc0ab7ece6b3d846472097b52855a","lessThan":"36990407cdd257473607e33802d00e978af2759e","versionType":"git","status":"affected"},{"version":"194b3348bdbb7db65375c72f3f774aee4cc6614e","lessThan":"c93f23375d8c410954b0df825e814b632fd62b9d","versionType":"git","status":"affected"},{"version":"194b3348bdbb7db65375c72f3f774aee4cc6614e","lessThan":"5962c30a6f05ea1ab73f039e235bb30716243517","versionType":"git","status":"affected"},{"version":"194b3348bdbb7db65375c72f3f774aee4cc6614e","lessThan":"36244dfd3853f7bf89d03b8e90d56b23ce7fbc16","versionType":"git","status":"affected"},{"version":"194b3348bdbb7db65375c72f3f774aee4cc6614e","lessThan":"d15cda135148ea7ba929cfdbcf208182bc29a7aa","versionType":"git","status":"affected"},{"version":"194b3348bdbb7db65375c72f3f774aee4cc6614e","lessThan":"22d169bdd2849fe6bd18c2643742e1c02be6451c","versionType":"git","status":"affected"},{"version":"1b48c70feefc499b62670521efa002ab01e05df5","versionType":"git","status":"affected"},{"version":"bc348a6cc8f92e9979fbfbb3c6b48fd51b4b1dbf","versionType":"git","status":"affected"},{"version":"5.10.175","lessThan":"5.10.252","versionType":"semver","status":"affected"},{"version":"5.15.103","lessThan":"5.15.202","versionType":"semver","status":"affected"},{"version":"6.1.16","lessThan":"6.1.165","versionType":"semver","status":"affected"},{"version":"5.4.237","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"6.2.3","lessThan":"6.3","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iommu/intel/pasid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.1,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.237","versionEndExcluding":"5.5","matchCriteriaId":"0C125C6E-3E7A-4A75-979B-04AAAD410EF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.175","versionEndExcluding":"5.10.252","matchCriteriaId":"08B1EE9B-280F-4E7A-941C-5D9AC948616D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.103","versionEndExcluding":"5.15.202","matchCriteriaId":"81778946-C492-4AEA-B80D-4A2EA8967C18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.16","versionEndExcluding":"6.1.165","matchCriteriaId":"B497E7DA-EBA6-438A-9E90-86E7682FC30E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.6.128","matchCriteriaId":"7CAC007F-FFC8-4A3B-9BB5-FC3935D31949"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0616137b70e6d9a547d4b60df8e1b64e36d83661","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/22d169bdd2849fe6bd18c2643742e1c02be6451c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36244dfd3853f7bf89d03b8e90d56b23ce7fbc16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36990407cdd257473607e33802d00e978af2759e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5962c30a6f05ea1ab73f039e235bb30716243517","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c93f23375d8c410954b0df825e814b632fd62b9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd75e77125c8a51754ca4cd60b4ca083ed735d1d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d15cda135148ea7ba929cfdbcf208182bc29a7aa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45863","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.557","lastModified":"2026-06-25T21:07:16.310","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers()\n\nThe dw_i3c_master_i2c_xfers() function allocates memory for the xfer\nstructure using dw_i3c_master_alloc_xfer(). If pm_runtime_resume_and_get()\nfails, the function returns without freeing the allocated xfer, resulting\nin a memory leak.\n\nAdd a dw_i3c_master_free_xfer() call to the error path to ensure the\nallocated memory is properly freed.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/i3c/master/dw-i3c-master.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"62fe9d06f5709caa1fa68055873ff279e05ade37","lessThan":"140a45bd4f6db7d1b30cab967d29689b946c52fa","versionType":"git","status":"affected"},{"version":"62fe9d06f5709caa1fa68055873ff279e05ade37","lessThan":"8e71414e252c1cb235911008a98fd47927d3a55c","versionType":"git","status":"affected"},{"version":"62fe9d06f5709caa1fa68055873ff279e05ade37","lessThan":"a2c41467ef42f69a3958493a0395ba75174710dc","versionType":"git","status":"affected"},{"version":"62fe9d06f5709caa1fa68055873ff279e05ade37","lessThan":"2537089413514caaa9a5fdeeac3a34d45100f747","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/i3c/master/dw-i3c-master.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/140a45bd4f6db7d1b30cab967d29689b946c52fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2537089413514caaa9a5fdeeac3a34d45100f747","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8e71414e252c1cb235911008a98fd47927d3a55c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2c41467ef42f69a3958493a0395ba75174710dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45864","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.667","lastModified":"2026-06-25T21:07:13.457","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: prevent infinite loops caused by the next valid being the same\n\nWhen processing valid within the range [valid : pos), if valid cannot\nbe retrieved correctly, for example, if the retrieved valid value is\nalways the same, this can trigger a potential infinite loop, similar\nto the hung problem reported by syzbot [1].\n\nAdding a check for the valid value within the loop body, and terminating\nthe loop and returning -EINVAL if the value is the same as the current\nvalue, can prevent this.\n\n[1]\nINFO: task syz.4.21:6056 blocked for more than 143 seconds.\nCall Trace:\n rwbase_write_lock+0x14f/0x750 kernel/locking/rwbase_rt.c:244\n inode_lock include/linux/fs.h:1027 [inline]\n ntfs_file_write_iter+0xe6/0x870 fs/ntfs3/file.c:1284"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4342306f0f0d5ff4315a204d315c1b51b914fca5","lessThan":"50c822fcb36768f1fb356f05b02a2248ef81936d","versionType":"git","status":"affected"},{"version":"4342306f0f0d5ff4315a204d315c1b51b914fca5","lessThan":"6d93239b4fc479f7c0a412dd196ec0ca2672d14a","versionType":"git","status":"affected"},{"version":"4342306f0f0d5ff4315a204d315c1b51b914fca5","lessThan":"71c8b966ec56e13c02388c1312910588bb49be7a","versionType":"git","status":"affected"},{"version":"4342306f0f0d5ff4315a204d315c1b51b914fca5","lessThan":"b97e371e5d1c13d722335d46eb8bc1a22b272a0e","versionType":"git","status":"affected"},{"version":"4342306f0f0d5ff4315a204d315c1b51b914fca5","lessThan":"4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4","versionType":"git","status":"affected"},{"version":"4342306f0f0d5ff4315a204d315c1b51b914fca5","lessThan":"a47a2bb9aa6455d5cee1045814a60c749309c92b","versionType":"git","status":"affected"},{"version":"4342306f0f0d5ff4315a204d315c1b51b914fca5","lessThan":"27b75ca4e51e3e4554dc85dbf1a0246c66106fd3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.202","matchCriteriaId":"B0330CE4-09CE-43EF-A9C8-CD49FFD1DC98"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/27b75ca4e51e3e4554dc85dbf1a0246c66106fd3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4bf3bafb8e0635ed93e3cd4156dcbcc0fb960cb4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/50c822fcb36768f1fb356f05b02a2248ef81936d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d93239b4fc479f7c0a412dd196ec0ca2672d14a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71c8b966ec56e13c02388c1312910588bb49be7a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a47a2bb9aa6455d5cee1045814a60c749309c92b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b97e371e5d1c13d722335d46eb8bc1a22b272a0e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45865","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.787","lastModified":"2026-06-25T21:07:04.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmctp i2c: initialise event handler read bytes\n\nSet a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads\nwill return \"val\" from the i2c bus driver. For i2c-aspeed and\ni2c-npcm7xx that is a stack uninitialised u8.\n\nTested with \"i2ctransfer -y 1 r10@0x34\" where 0x34 is a mctp-i2c\ninstance, now it returns all 0xff."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/mctp/mctp-i2c.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f5b8abf9fc3dacd7529d363e26fe8230935d65f8","lessThan":"93e01e837e105299f1c259ef71f6e1ec4fe806e3","versionType":"git","status":"affected"},{"version":"f5b8abf9fc3dacd7529d363e26fe8230935d65f8","lessThan":"11f83253244060b5de5eac787f61ae3f3e559d01","versionType":"git","status":"affected"},{"version":"f5b8abf9fc3dacd7529d363e26fe8230935d65f8","lessThan":"fa9861e5c8af7651dddfa8d490aaada17ae33b6c","versionType":"git","status":"affected"},{"version":"f5b8abf9fc3dacd7529d363e26fe8230935d65f8","lessThan":"6ff2ebfef75fbc57d937d8fbe738b967edf2d331","versionType":"git","status":"affected"},{"version":"f5b8abf9fc3dacd7529d363e26fe8230935d65f8","lessThan":"1eeedb310229bfee9dd4d992e5bba33fe1378a8f","versionType":"git","status":"affected"},{"version":"f5b8abf9fc3dacd7529d363e26fe8230935d65f8","lessThan":"2a14e91b6d76639dac70ea170f4384c1ee3cb48d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/mctp/mctp-i2c.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.165","matchCriteriaId":"3B9A8D13-BEFF-47C0-956C-415602FDDAAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11f83253244060b5de5eac787f61ae3f3e559d01","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1eeedb310229bfee9dd4d992e5bba33fe1378a8f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a14e91b6d76639dac70ea170f4384c1ee3cb48d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6ff2ebfef75fbc57d937d8fbe738b967edf2d331","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/93e01e837e105299f1c259ef71f6e1ec4fe806e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fa9861e5c8af7651dddfa8d490aaada17ae33b6c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45866","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:16:58.963","lastModified":"2026-06-25T21:06:52.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: caif: fix use-after-free in caif_serial ldisc_close()\n\nThere is a use-after-free bug in caif_serial where handle_tx() may\naccess ser->tty after the tty has been freed.\n\nThe race condition occurs between ldisc_close() and packet transmission:\n\n    CPU 0 (close)                     CPU 1 (xmit)\n    -------------                     ------------\n    ldisc_close()\n      tty_kref_put(ser->tty)\n      [tty may be freed here]\n                     <-- race window -->\n                                      caif_xmit()\n                                        handle_tx()\n                                          tty = ser->tty  // dangling ptr\n                                          tty->ops->write() // UAF!\n      schedule_work()\n        ser_release()\n          unregister_netdevice()\n\nThe root cause is that tty_kref_put() is called in ldisc_close() while\nthe network device is still active and can receive packets.\n\nSince ser and tty have a 1:1 binding relationship with consistent\nlifecycles (ser is allocated in ldisc_open and freed in ser_release\nvia unregister_netdevice, and each ser binds exactly one tty), we can\nsafely defer the tty reference release to ser_release() where the\nnetwork device is unregistered.\n\nFix this by moving tty_kref_put() from ldisc_close() to ser_release(),\nafter unregister_netdevice(). This ensures the tty reference is held\nas long as the network device exists, preventing the UAF.\n\nNote: We save ser->tty before unregister_netdevice() because ser is\nembedded in netdev's private data and will be freed along with netdev\n(needs_free_netdev = true).\n\nHow to reproduce: Add mdelay(500) at the beginning of ldisc_close()\nto widen the race window, then run the reproducer program [1].\n\nNote: There is a separate deadloop issue in handle_tx() when using\nPORT_UNKNOWN serial ports (e.g., /dev/ttyS3 in QEMU without proper\nserial backend). This deadloop exists even without this patch,\nand is likely caused by inconsistency between uart_write_room() and\nuart_write() in serial core. It has been addressed in a separate\npatch [2].\n\nKASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in handle_tx+0x5d1/0x620\nRead of size 1 at addr ffff8881131e1490 by task caif_uaf_trigge/9929\n\nCall Trace:\n <TASK>\n dump_stack_lvl+0x10e/0x1f0\n print_report+0xd0/0x630\n kasan_report+0xe4/0x120\n handle_tx+0x5d1/0x620\n dev_hard_start_xmit+0x9d/0x6c0\n __dev_queue_xmit+0x6e2/0x4410\n packet_xmit+0x243/0x360\n packet_sendmsg+0x26cf/0x5500\n __sys_sendto+0x4a3/0x520\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0xc9/0xf80\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f615df2c0d7\n\nAllocated by task 9930:\n\nFreed by task 64:\n\nLast potentially related work creation:\n\nThe buggy address belongs to the object at ffff8881131e1000\n which belongs to the cache kmalloc-cg-2k of size 2048\nThe buggy address is located 1168 bytes inside of\n freed 2048-byte region [ffff8881131e1000, ffff8881131e1800)\n\nThe buggy address belongs to the physical page:\npage_owner tracks the page as allocated\npage last free pid 9778 tgid 9778 stack trace:\n\nMemory state around the buggy address:\n ffff8881131e1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8881131e1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff8881131e1480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                         ^\n ffff8881131e1500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8881131e1580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\n[1]: https://gist.github.com/mrpre/f683f244544f7b11e7fa87df9e6c2eeb\n[2]: https://lore.kernel.org/linux-serial/20260204074327.226165-1-jiayuan.chen@linux.dev/T/#u"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/caif/caif_serial.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"5e266ba8d330d3b8e5bc198f238cd8901826cfa1","versionType":"git","status":"affected"},{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"d3c75db4e0460641dbcd274b40867e252d801da1","versionType":"git","status":"affected"},{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"4e63d6f68544ae5269ac9735ae5b69b59b5b8725","versionType":"git","status":"affected"},{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"331e2b7051635780edea248dd08ae2026c126f4a","versionType":"git","status":"affected"},{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"52731ef4438155cea782fac74e547a327ab9e7c5","versionType":"git","status":"affected"},{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"c8c197aaa56b25a2d54f3aa07e27e228d6c08546","versionType":"git","status":"affected"},{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"40962f2bf8cdba63af23aec95ad3f49b689e58e2","versionType":"git","status":"affected"},{"version":"56e0ef527b184b3de2d7f88c6190812b2b2ac6bf","lessThan":"308e7e4d0a846359685f40aade023aee7b27284c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/caif/caif_serial.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.11","status":"affected"},{"version":"0","lessThan":"3.11","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.10.252","matchCriteriaId":"8DE35674-7D79-4830-BF54-FA8783712527"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/308e7e4d0a846359685f40aade023aee7b27284c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/331e2b7051635780edea248dd08ae2026c126f4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/40962f2bf8cdba63af23aec95ad3f49b689e58e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e63d6f68544ae5269ac9735ae5b69b59b5b8725","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52731ef4438155cea782fac74e547a327ab9e7c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5e266ba8d330d3b8e5bc198f238cd8901826cfa1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c8c197aaa56b25a2d54f3aa07e27e228d6c08546","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3c75db4e0460641dbcd274b40867e252d801da1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45867","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.023","lastModified":"2026-06-25T21:06:38.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: act8945a: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/act8945a_charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"f2a0777b1e5a3cee1712c4d3e9095c0df8fc8cb3","versionType":"git","status":"affected"},{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"0768e8525a46df103647ca5059b32320d7fd17e4","versionType":"git","status":"affected"},{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"d023ef9f748b2090f7a9dbdd5c622b6ad99088ea","versionType":"git","status":"affected"},{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"697bb5dc0cb4791e244f3970b067bc1ef33be9d9","versionType":"git","status":"affected"},{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"76a42ba547a9b2e2337894f67a4d9247445007d5","versionType":"git","status":"affected"},{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"f27eb76def5c07e4d7cc468b40741f19dafc83ce","versionType":"git","status":"affected"},{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"83c1bd466c514cb24ca6ef347c5aac76a13c4e1e","versionType":"git","status":"affected"},{"version":"a09209acd6a808794bdd7866af3678d1fd1d90e7","lessThan":"3291c51d4684d048dd2eb91b5b65fcfdaf72141f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/act8945a_charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.10.252","matchCriteriaId":"76AC1846-5EF5-4C28-9E88-EED4D74FB8F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0768e8525a46df103647ca5059b32320d7fd17e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3291c51d4684d048dd2eb91b5b65fcfdaf72141f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/697bb5dc0cb4791e244f3970b067bc1ef33be9d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/76a42ba547a9b2e2337894f67a4d9247445007d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83c1bd466c514cb24ca6ef347c5aac76a13c4e1e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d023ef9f748b2090f7a9dbdd5c622b6ad99088ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f27eb76def5c07e4d7cc468b40741f19dafc83ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f2a0777b1e5a3cee1712c4d3e9095c0df8fc8cb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45868","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.167","lastModified":"2026-06-25T21:06:34.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: single: fix refcount leak in pcs_add_gpio_func()\n\nof_parse_phandle_with_args() returns a device_node pointer with refcount\nincremented in gpiospec.np. The loop iterates through all phandles but\nnever releases the reference, causing a refcount leak on each iteration.\n\nAdd of_node_put() calls to release the reference after extracting the\nneeded arguments and on the error path when devm_kzalloc() fails.\n\nThis bug was detected by our static analysis tool and verified by my\ncode review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pinctrl/pinctrl-single.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"191bfd5710d6a7f48ba4315d8d3e908dcc15243c","versionType":"git","status":"affected"},{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"3e3b28bb0b6ddc521a4fdd1c1ba0d35017a0796b","versionType":"git","status":"affected"},{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"456a60d06c09a92680dc35fabca68024badcc28e","versionType":"git","status":"affected"},{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"99cc7352156c65201c675f750e0e77c4c73d93f5","versionType":"git","status":"affected"},{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"7814b1431848854b56717086e2b61bea3c59753d","versionType":"git","status":"affected"},{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"e2e367e56bacb93ce5ac73f0b3297d5c83d38dd4","versionType":"git","status":"affected"},{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"5b9e84d27e310f22c4ba45fedbc4f5baf43dd823","versionType":"git","status":"affected"},{"version":"a1a277eb76b3507df7c41774048a644aa4dfd096","lessThan":"353353309b0f7afa407df29e455f9d15b5acc296","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pinctrl/pinctrl-single.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.252","matchCriteriaId":"FC824489-530D-444B-A3EF-B0BEC674899B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/191bfd5710d6a7f48ba4315d8d3e908dcc15243c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/353353309b0f7afa407df29e455f9d15b5acc296","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e3b28bb0b6ddc521a4fdd1c1ba0d35017a0796b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/456a60d06c09a92680dc35fabca68024badcc28e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5b9e84d27e310f22c4ba45fedbc4f5baf43dd823","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7814b1431848854b56717086e2b61bea3c59753d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/99cc7352156c65201c675f750e0e77c4c73d93f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2e367e56bacb93ce5ac73f0b3297d5c83d38dd4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45869","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.290","lastModified":"2026-06-25T21:06:30.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()\n\nIn `probe()`, `request_irq()` is called before allocating/registering a\n`power_supply` handle. If an interrupt is fired between the call to\n`request_irq()` and `power_supply_register()`, the `power_supply` handle\nwill be used uninitialized in `power_supply_changed()` in\n`wm97xx_bat_update()` (triggered from the interrupt handler). This will\nlead to a `NULL` pointer dereference since\n\nFix this racy `NULL` pointer dereference by making sure the IRQ is\nrequested _after_ the registration of the `power_supply` handle. Since\nthe IRQ is the last thing requests in the `probe()` now, remove the\nerror path for freeing it. Instead add one for unregistering the\n`power_supply` handle when IRQ request fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/wm97xx_battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"3d7b5391bb95505b3581c1fb77150c467ab92864","versionType":"git","status":"affected"},{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"438f9a303ea8b55162b2d5376490c2ab3ec165a0","versionType":"git","status":"affected"},{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"9b7d77cb046b4487e8e511e04e62b6f416ce845c","versionType":"git","status":"affected"},{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"86183153c299e8bb1839e717286d6c6f39508a59","versionType":"git","status":"affected"},{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"93bdf715d33cf5ee01c58e8546c2469c71ce082a","versionType":"git","status":"affected"},{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"c0def811ad8d642dca9b6d31a198cc39f5f90837","versionType":"git","status":"affected"},{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"dfaf235d5a6b60cbf115a14a656946303ad007b7","versionType":"git","status":"affected"},{"version":"7c87942aef52d2120e95ff1dec739998b9f95a78","lessThan":"39fe0eac6d755ef215026518985fcf8de9360e9e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/wm97xx_battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.32","status":"affected"},{"version":"0","lessThan":"2.6.32","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32","versionEndExcluding":"5.10.252","matchCriteriaId":"8CE41C75-8DCF-44F0-8113-EB9D133FC448"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/39fe0eac6d755ef215026518985fcf8de9360e9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d7b5391bb95505b3581c1fb77150c467ab92864","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/438f9a303ea8b55162b2d5376490c2ab3ec165a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86183153c299e8bb1839e717286d6c6f39508a59","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/93bdf715d33cf5ee01c58e8546c2469c71ce082a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9b7d77cb046b4487e8e511e04e62b6f416ce845c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0def811ad8d642dca9b6d31a198cc39f5f90837","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dfaf235d5a6b60cbf115a14a656946303ad007b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45870","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.420","lastModified":"2026-06-25T21:06:26.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: auth_gss: fix memory leaks in XDR decoding error paths\n\nThe gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name()\nfunctions allocate memory via gssx_dec_buffer(), which calls\nkmemdup(). When a subsequent decode operation fails, these\nfunctions return immediately without freeing previously\nallocated buffers, causing memory leaks.\n\nThe leak in gssx_dec_ctx() is particularly relevant because\nthe caller (gssp_accept_sec_context_upcall) initializes several\nbuffer length fields to non-zero values, resulting in memory\nallocation:\n\n    struct gssx_ctx rctxh = {\n        .exported_context_token.len = GSSX_max_output_handle_sz,\n        .mech.len = GSS_OID_MAX_LEN,\n        .src_name.display_name.len = GSSX_max_princ_sz,\n        .targ_name.display_name.len = GSSX_max_princ_sz\n    };\n\nIf, for example, gssx_dec_name() succeeds for src_name but\nfails for targ_name, the memory allocated for\nexported_context_token, mech, and src_name.display_name\nremains unreferenced and cannot be reclaimed.\n\nAdd error handling with goto-based cleanup to free any\npreviously allocated buffers before returning an error."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sunrpc/auth_gss/gss_rpc_xdr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"c81431b1b9fbd21e9a5a9211b5517b7295d18e6a","versionType":"git","status":"affected"},{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"caf7eff432e91a9eba1c79fa545c2f54be15d62b","versionType":"git","status":"affected"},{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"64303b92d94c0c7845a273acd8d84b796d6f1db7","versionType":"git","status":"affected"},{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"df10f23defff22c8d55fe6db74f6e4ce927145bf","versionType":"git","status":"affected"},{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"b4af3806846778799cd4ab0766dc18341e777264","versionType":"git","status":"affected"},{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"d79b9097a6a2b91471b40755f1225364be5d85ff","versionType":"git","status":"affected"},{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"3b56eb90feb8a3709417f5624f3871847d42bcb1","versionType":"git","status":"affected"},{"version":"1d658336b05f8697d6445834f8867f8ad5e4f735","lessThan":"3e6397b056335cc56ef0e9da36c95946a19f5118","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sunrpc/auth_gss/gss_rpc_xdr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.252","matchCriteriaId":"FC824489-530D-444B-A3EF-B0BEC674899B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3b56eb90feb8a3709417f5624f3871847d42bcb1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e6397b056335cc56ef0e9da36c95946a19f5118","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/64303b92d94c0c7845a273acd8d84b796d6f1db7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b4af3806846778799cd4ab0766dc18341e777264","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c81431b1b9fbd21e9a5a9211b5517b7295d18e6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/caf7eff432e91a9eba1c79fa545c2f54be15d62b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d79b9097a6a2b91471b40755f1225364be5d85ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/df10f23defff22c8d55fe6db74f6e4ce927145bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45871","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.543","lastModified":"2026-06-25T21:06:23.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: st33zp24: Fix missing cleanup on get_burstcount() error\n\nget_burstcount() can return -EBUSY on timeout. When this happens,\nst33zp24_send() returns directly without releasing the locality\nacquired earlier.\n\nUse goto out_err to ensure proper cleanup when get_burstcount() fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/char/tpm/st33zp24/st33zp24.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"e0ce3da82341fcd6194175f1837946b2a894c625","versionType":"git","status":"affected"},{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"7687133509cf66ced120b667fefd21f80bf17993","versionType":"git","status":"affected"},{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"1256c6dc96d1e687e6e9b63088156ed07411b00c","versionType":"git","status":"affected"},{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"a51cff9be046e13e1c1b2fe45d5c48b582ec9b8c","versionType":"git","status":"affected"},{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"cc09d55f519e15355de343264a22ac6682b8305e","versionType":"git","status":"affected"},{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"ec15eb67fe9df87981b4829b901ec254273ca483","versionType":"git","status":"affected"},{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"4fffb77d35d038f146e6192da583dbe4971d869e","versionType":"git","status":"affected"},{"version":"bf38b8710892333cec2d8069644eb36ff435fd6f","lessThan":"3e91b44c93ad2871f89fc2a98c5e4fe6ca5db3d9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/char/tpm/st33zp24/st33zp24.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.1","status":"affected"},{"version":"0","lessThan":"4.1","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"5.10.252","matchCriteriaId":"AFCC1430-2194-4A37-8732-891682CC5E8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1256c6dc96d1e687e6e9b63088156ed07411b00c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e91b44c93ad2871f89fc2a98c5e4fe6ca5db3d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fffb77d35d038f146e6192da583dbe4971d869e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7687133509cf66ced120b667fefd21f80bf17993","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a51cff9be046e13e1c1b2fe45d5c48b582ec9b8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc09d55f519e15355de343264a22ac6682b8305e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e0ce3da82341fcd6194175f1837946b2a894c625","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec15eb67fe9df87981b4829b901ec254273ca483","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45872","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.670","lastModified":"2026-06-25T21:06:15.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix memory leak in pqi_report_phys_luns()\n\npqi_report_phys_luns() fails to release the rpl_list buffer when\nencountering an unsupported data format or when the allocation for\nrpl_16byte_wwid_list fails. These early returns bypass the cleanup logic,\nleading to memory leaks.\n\nConsolidate the error handling by adding an out_free_rpl_list label and use\ngoto statements to ensure rpl_list is consistently freed on failure.\n\nCompile tested only. Issue found using a prototype static analysis tool and\ncode review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/scsi/smartpqi/smartpqi_init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"28ca6d876c5a375094847606046e0bf5d044d9b4","lessThan":"f471ecfec093e39ef8fd08978413793087daa14d","versionType":"git","status":"affected"},{"version":"28ca6d876c5a375094847606046e0bf5d044d9b4","lessThan":"fdf1188cfa80f88c9f18d58cb33d57ff40e70e26","versionType":"git","status":"affected"},{"version":"28ca6d876c5a375094847606046e0bf5d044d9b4","lessThan":"d52e13122d3771f753dd73ae6512fa01f58015cb","versionType":"git","status":"affected"},{"version":"28ca6d876c5a375094847606046e0bf5d044d9b4","lessThan":"e5579ebaadc7b699868dad0f591a7bf83cd647e1","versionType":"git","status":"affected"},{"version":"28ca6d876c5a375094847606046e0bf5d044d9b4","lessThan":"454570434114e4862767f506a442a0f110b639b2","versionType":"git","status":"affected"},{"version":"28ca6d876c5a375094847606046e0bf5d044d9b4","lessThan":"41b37312bd9722af77ec7817ccf22d7a4880c289","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/scsi/smartpqi/smartpqi_init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/41b37312bd9722af77ec7817ccf22d7a4880c289","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/454570434114e4862767f506a442a0f110b639b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d52e13122d3771f753dd73ae6512fa01f58015cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e5579ebaadc7b699868dad0f591a7bf83cd647e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f471ecfec093e39ef8fd08978413793087daa14d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdf1188cfa80f88c9f18d58cb33d57ff40e70e26","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45873","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.780","lastModified":"2026-06-25T21:06:04.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: check for partial overlaps in anonymous sets\n\nUserspace provides an optimized representation in case intervals are\nadjacent, where the end element is omitted.\n\nThe existing partial overlap detection logic skips anonymous set checks\non start elements for this reason.\n\nHowever, it is possible to add intervals that overlap to this anonymous\nwhere two start elements with the same, eg. A-B, A-C where C < B.\n\n      start     end\n\tA        B\n      start  end\n        A     C\n\nRestore the check on overlapping start elements to report an overlap."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nft_set_rbtree.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4aacf3d78424293e318c616016865380b37b9cc5","lessThan":"7ca5813e1b21ef300e04593f47b073ef3217aac6","versionType":"git","status":"affected"},{"version":"2bf1435fa19d2c58054391b3bba40d5510a5758c","lessThan":"029e5f6a95e905b12d6bc20421be32a01e0eb311","versionType":"git","status":"affected"},{"version":"318cb24a4c3fce8140afaf84e4d45fcb76fb280b","lessThan":"f1381ce0a1dd013610985e1c4260908163a427df","versionType":"git","status":"affected"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"f1535d56fc3f6c625b7e0559c006bd0318791bb1","versionType":"git","status":"affected"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"05feaf826390fd16f1deb89dd9412def3b2a280f","versionType":"git","status":"affected"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"dad14d22dff1a191612acb98facceb303d0524a2","versionType":"git","status":"affected"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"e6497e06a102870803a59570d75ed2c36d7e11b3","versionType":"git","status":"affected"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"4780ec142cbb24b794129d3080eee5cac2943ffc","versionType":"git","status":"affected"},{"version":"7ab87a326f20c52ff4d9972052d085be951c704b","versionType":"git","status":"affected"},{"version":"181859bdfb9734aca449512fccaee4cacce64aed","versionType":"git","status":"affected"},{"version":"5.10.166","lessThan":"5.10.252","versionType":"semver","status":"affected"},{"version":"5.15.91","lessThan":"5.15.202","versionType":"semver","status":"affected"},{"version":"6.1.9","lessThan":"6.1.165","versionType":"semver","status":"affected"},{"version":"4.19.316","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.262","lessThan":"5.5","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nft_set_rbtree.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.316","versionEndExcluding":"4.20","matchCriteriaId":"76EC9BF9-9775-4D90-B594-4C2AB71E1F86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.262","versionEndExcluding":"5.5","matchCriteriaId":"5CE7F771-8144-4AEC-B6E3-5F4830BD8EB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.166","versionEndExcluding":"5.10.252","matchCriteriaId":"C9005873-27CF-4046-B8E1-755D96DF0EC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.91","versionEndExcluding":"5.15.202","matchCriteriaId":"0179C040-8D00-4A6E-A1BA-9BE95B342A9F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.9","versionEndExcluding":"6.1.165","matchCriteriaId":"1DAC5B1F-8281-4EF6-A25F-9D6A3BA9F93C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.1","versionEndExcluding":"6.6.128","matchCriteriaId":"E6A74630-9345-4DA5-A7AF-7F3D9C192304"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:*","matchCriteriaId":"3ADCCCEE-143A-4B48-9B2A-0CB97BD385DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*","matchCriteriaId":"4AB8D555-648E-4F2F-98BD-3E7F45BD12A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*","matchCriteriaId":"C64BDD9D-C663-4E75-AE06-356EDC392B82"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*","matchCriteriaId":"26544390-88E4-41CA-98BF-7BB1E9D4E243"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/029e5f6a95e905b12d6bc20421be32a01e0eb311","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/05feaf826390fd16f1deb89dd9412def3b2a280f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4780ec142cbb24b794129d3080eee5cac2943ffc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ca5813e1b21ef300e04593f47b073ef3217aac6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dad14d22dff1a191612acb98facceb303d0524a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e6497e06a102870803a59570d75ed2c36d7e11b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1381ce0a1dd013610985e1c4260908163a427df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1535d56fc3f6c625b7e0559c006bd0318791bb1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45874","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:00.913","lastModified":"2026-06-25T21:05:35.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nphy: freescale: imx8qm-hsio: fix NULL pointer dereference\n\nDuring the probe the refclk_pad pointer is set to NULL if the\n'fsl,refclk-pad-mode' property is not defined in the devicetree node. But\nin imx_hsio_configure_clk_pad() this pointer is unconditionally used which\ncould result in a NULL pointer dereference. So check the pointer before to\nuse it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/phy/freescale/phy-fsl-imx8qm-hsio.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"82c56b6dd24fcdf811f2b47b72e5585c8a79b685","lessThan":"a771b386cb6c6e582e7b50f8eeff3347ff887f71","versionType":"git","status":"affected"},{"version":"82c56b6dd24fcdf811f2b47b72e5585c8a79b685","lessThan":"dd8b9ba3d9701832cfb5dcefd8b43250df28dbc2","versionType":"git","status":"affected"},{"version":"82c56b6dd24fcdf811f2b47b72e5585c8a79b685","lessThan":"8d29e81e9cdec84d4b9acb1736550d35e86c88af","versionType":"git","status":"affected"},{"version":"82c56b6dd24fcdf811f2b47b72e5585c8a79b685","lessThan":"4dd5d4c0361af0a3fd24f45c815996abf4429770","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/phy/freescale/phy-fsl-imx8qm-hsio.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4dd5d4c0361af0a3fd24f45c815996abf4429770","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d29e81e9cdec84d4b9acb1736550d35e86c88af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a771b386cb6c6e582e7b50f8eeff3347ff887f71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd8b9ba3d9701832cfb5dcefd8b43250df28dbc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45875","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:01.117","lastModified":"2026-06-25T21:05:32.343","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure\n\nThe wm5102_clear_write_sequencer() helper may return an error\nand just return, bypassing the cleanup sequence and causing\nregulators to remain enabled, leading to a resource leak.\n\nChange the direct return to jump to the err_reset label to\nproperly free the resources."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/mfd/arizona-core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"54eafc1b0dbcf79c5f8b6dc8d9e92e56b9384c0a","versionType":"git","status":"affected"},{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"933c5463873582baaecf5c38401ec4095b1c6269","versionType":"git","status":"affected"},{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"445cec7b4fbb1546836ae8e332d158e8d37d0fb6","versionType":"git","status":"affected"},{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"3ea01691738b0decb63ea2705d2cdf27f6f26fc0","versionType":"git","status":"affected"},{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"e0527c09bcf1e6beeb685a7f4177683866b8609c","versionType":"git","status":"affected"},{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"5a4923726a165593d7601834a6fb2a10ab47b85d","versionType":"git","status":"affected"},{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"2049820d1e635e467d795237fd40287213d92349","versionType":"git","status":"affected"},{"version":"1c1c6bba57f51331f64f32d0ce9a0f9883041205","lessThan":"4feb753ba6e5e5bbaba868b841a2db41c21e56fa","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/mfd/arizona-core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.2","status":"affected"},{"version":"0","lessThan":"4.2","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.10.252","matchCriteriaId":"C8804750-9CF7-4B7E-9AF2-6417C12ED933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2049820d1e635e467d795237fd40287213d92349","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3ea01691738b0decb63ea2705d2cdf27f6f26fc0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/445cec7b4fbb1546836ae8e332d158e8d37d0fb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4feb753ba6e5e5bbaba868b841a2db41c21e56fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/54eafc1b0dbcf79c5f8b6dc8d9e92e56b9384c0a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a4923726a165593d7601834a6fb2a10ab47b85d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/933c5463873582baaecf5c38401ec4095b1c6269","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e0527c09bcf1e6beeb685a7f4177683866b8609c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45876","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:01.280","lastModified":"2026-06-25T21:11:36.013","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64/gcs: Fix error handling in arch_set_shadow_stack_status()\n\nalloc_gcs() returns an error-encoded pointer on failure, which comes\nfrom do_mmap(), not NULL.\n\nThe current NULL check fails to detect errors, which could lead to using\nan invalid GCS address.\n\nUse IS_ERR_VALUE() to properly detect errors, consistent with the\ncheck in gcs_alloc_thread_stack()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/arm64/mm/gcs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b57180c75c7ebff6613886cb69ef6e283a10358b","lessThan":"c787a235deb33be6eda40beee8f561da5fd8cb8c","versionType":"git","status":"affected"},{"version":"b57180c75c7ebff6613886cb69ef6e283a10358b","lessThan":"a4741114c9622346c4bbb8cc2bbd88153616ffaf","versionType":"git","status":"affected"},{"version":"b57180c75c7ebff6613886cb69ef6e283a10358b","lessThan":"53c998527ffa60f9deda8974a11ad39790684159","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/arm64/mm/gcs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/53c998527ffa60f9deda8974a11ad39790684159","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a4741114c9622346c4bbb8cc2bbd88153616ffaf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c787a235deb33be6eda40beee8f561da5fd8cb8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45877","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:01.397","lastModified":"2026-06-25T21:11:50.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients\n\nDuring a warm reset flow, the cl->device pointer may be NULL if the\nreset occurs while clients are still being enumerated. Accessing\ncl->device->reference_count without a NULL check leads to a kernel panic.\n\nThis issue was identified during multi-unit warm reboot stress clycles.\nAdd a defensive NULL check for cl->device to ensure stability under\nsuch intensive testing conditions.\n\nKASAN: null-ptr-deref in range [0000000000000000-0000000000000007]\nWorkqueue: ish_fw_update_wq fw_reset_work_fn\n\nCall Trace:\n ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp]\n ishtp_reset_handler+0x85/0x1a0 [intel_ishtp]\n fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/hid/intel-ish-hid/ishtp/bus.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3703f53b99e4a7c373ce3568dd3f91f175ebb626","lessThan":"0b605e8ce60698c27a26f512968a597fd620d2e8","versionType":"git","status":"affected"},{"version":"3703f53b99e4a7c373ce3568dd3f91f175ebb626","lessThan":"feb4bcfd405282de60aba321f13a1272b30c5af4","versionType":"git","status":"affected"},{"version":"3703f53b99e4a7c373ce3568dd3f91f175ebb626","lessThan":"272dac57caa981718e7188c80c703e7bb1998054","versionType":"git","status":"affected"},{"version":"3703f53b99e4a7c373ce3568dd3f91f175ebb626","lessThan":"56f7db581ee73af53cd512e00a6261a025bf1d58","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/hid/intel-ish-hid/ishtp/bus.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.12.75","matchCriteriaId":"92ADFD56-FA39-4DE6-9CF7-BCDABCA8FF06"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b605e8ce60698c27a26f512968a597fd620d2e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/272dac57caa981718e7188c80c703e7bb1998054","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/56f7db581ee73af53cd512e00a6261a025bf1d58","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/feb4bcfd405282de60aba321f13a1272b30c5af4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45878","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:01.547","lastModified":"2026-06-25T21:12:02.230","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix watch_id bounds checking in debug address watch v2\n\nThe address watch clear code receives watch_id as an unsigned value\n(u32), but some helper functions were using a signed int and checked\nbits by shifting with watch_id.\n\nIf a very large watch_id is passed from userspace, it can be converted\nto a negative value.  This can cause invalid shifts and may access\nmemory outside the watch_points array.\n\ndrm/amdkfd: Fix watch_id bounds checking in debug address watch v2\n\nFix this by checking that watch_id is within MAX_WATCH_ADDRESSES before\nusing it.  Also use BIT(watch_id) to test and clear bits safely.\n\nThis keeps the behavior unchanged for valid watch IDs and avoids\nundefined behavior for invalid ones.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_debug.c:448\nkfd_dbg_trap_clear_dev_address_watch() error: buffer overflow\n'pdd->watch_points' 4 <= u32max user_rl='0-3,2147483648-u32max' uncapped\n\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_debug.c\n    433 int kfd_dbg_trap_clear_dev_address_watch(struct kfd_process_device *pdd,\n    434                                         uint32_t watch_id)\n    435 {\n    436         int r;\n    437\n    438         if (!kfd_dbg_owns_dev_watch_id(pdd, watch_id))\n\nkfd_dbg_owns_dev_watch_id() doesn't check for negative values so if\nwatch_id is larger than INT_MAX it leads to a buffer overflow.\n(Negative shifts are undefined).\n\n    439                 return -EINVAL;\n    440\n    441         if (!pdd->dev->kfd->shared_resources.enable_mes) {\n    442                 r = debug_lock_and_unmap(pdd->dev->dqm);\n    443                 if (r)\n    444                         return r;\n    445         }\n    446\n    447         amdgpu_gfx_off_ctrl(pdd->dev->adev, false);\n--> 448         pdd->watch_points[watch_id] = pdd->dev->kfd2kgd->clear_address_watch(\n    449                                                         pdd->dev->adev,\n    450                                                         watch_id);\n\nv2: (as per, Jonathan Kim)\n - Add early watch_id >= MAX_WATCH_ADDRESSES validation in the set path to\n   match the clear path.\n - Drop the redundant bounds check in kfd_dbg_owns_dev_watch_id()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_debug.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e0f85f4690d089cc1a60337decafb1acf7eec45e","lessThan":"971bf8e61e9b4abaacf9b35eaf76ec222758f9d6","versionType":"git","status":"affected"},{"version":"e0f85f4690d089cc1a60337decafb1acf7eec45e","lessThan":"a0d367e13db63a6ed76ee0d0a8c3a58c1fa98488","versionType":"git","status":"affected"},{"version":"e0f85f4690d089cc1a60337decafb1acf7eec45e","lessThan":"2b36c0c1bcbbe15f6cfa9652084b3124c835a150","versionType":"git","status":"affected"},{"version":"e0f85f4690d089cc1a60337decafb1acf7eec45e","lessThan":"3c38a0f07aa2bfef2b219b1f045534ad93f85afd","versionType":"git","status":"affected"},{"version":"e0f85f4690d089cc1a60337decafb1acf7eec45e","lessThan":"5a19302cab5cec7ae7f1a60c619951e6c17d8742","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_debug.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.128","matchCriteriaId":"A502C6C1-0CFB-4C9B-8A24-C76507206FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b36c0c1bcbbe15f6cfa9652084b3124c835a150","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c38a0f07aa2bfef2b219b1f045534ad93f85afd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a19302cab5cec7ae7f1a60c619951e6c17d8742","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/971bf8e61e9b4abaacf9b35eaf76ec222758f9d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0d367e13db63a6ed76ee0d0a8c3a58c1fa98488","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45879","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:01.677","lastModified":"2026-06-25T21:12:07.587","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq25980: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/bq25980_charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"86f93dfb23f5bf4f285c4256a7e909d222f7de56","versionType":"git","status":"affected"},{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"16875e3b7bc9e59bfa0acaf1e43f275a6f42a30f","versionType":"git","status":"affected"},{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"0560a4b09c92e2ecaa883965cf6f9ca51c158ff9","versionType":"git","status":"affected"},{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"0de95d29d847c6217b7d5845e24a71a4aee7b359","versionType":"git","status":"affected"},{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"4aeaf03c17260415c2fdd55992f9ad4188d5455a","versionType":"git","status":"affected"},{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"03d1e4ee4e6aa6d2966e883e4ca0e5be73bf1b7c","versionType":"git","status":"affected"},{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"abea607ff2f62f4c0a5fb29f7fbdaaab163276a4","versionType":"git","status":"affected"},{"version":"5069185fc18e810715a91d80fcd075e03add600c","lessThan":"5f0b1cb41906e86b64bf69f5ededb83b0d757c27","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/bq25980_charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.252","matchCriteriaId":"FB2C2DAE-FC61-4054-BF05-406CAE1F7C71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03d1e4ee4e6aa6d2966e883e4ca0e5be73bf1b7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0560a4b09c92e2ecaa883965cf6f9ca51c158ff9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0de95d29d847c6217b7d5845e24a71a4aee7b359","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/16875e3b7bc9e59bfa0acaf1e43f275a6f42a30f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4aeaf03c17260415c2fdd55992f9ad4188d5455a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5f0b1cb41906e86b64bf69f5ededb83b0d757c27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86f93dfb23f5bf4f285c4256a7e909d222f7de56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/abea607ff2f62f4c0a5fb29f7fbdaaab163276a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45880","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:01.813","lastModified":"2026-06-25T21:12:11.043","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails\n\nWhen vm_insert_page() fails in p2pmem_alloc_mmap(), p2pmem_alloc_mmap()\ndoesn't invoke percpu_ref_put() to free the per-CPU ref of pgmap acquired\nafter gen_pool_alloc_owner(), and memunmap_pages() will hang forever when\ntrying to remove the PCI device.\n\nFix it by adding the missed percpu_ref_put()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pci/p2pdma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7e9c7ef83d785236f5a8c3761dd053fae9b92fb8","lessThan":"baa42b756d183a59572f3890981a3d32b8d05d40","versionType":"git","status":"affected"},{"version":"7e9c7ef83d785236f5a8c3761dd053fae9b92fb8","lessThan":"51b7181cfbedf289ce794b6d97a1c596c309ec38","versionType":"git","status":"affected"},{"version":"7e9c7ef83d785236f5a8c3761dd053fae9b92fb8","lessThan":"e19cce88ec4c4877f4ff2469099b9cf23cc3e93e","versionType":"git","status":"affected"},{"version":"7e9c7ef83d785236f5a8c3761dd053fae9b92fb8","lessThan":"a1f4dc72efc3204db95d052058d785cad7ce755f","versionType":"git","status":"affected"},{"version":"7e9c7ef83d785236f5a8c3761dd053fae9b92fb8","lessThan":"6220694c52a5a04102b48109e4f24e958b559bd3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pci/p2pdma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/51b7181cfbedf289ce794b6d97a1c596c309ec38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6220694c52a5a04102b48109e4f24e958b559bd3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a1f4dc72efc3204db95d052058d785cad7ce755f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/baa42b756d183a59572f3890981a3d32b8d05d40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e19cce88ec4c4877f4ff2469099b9cf23cc3e93e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45881","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:01.930","lastModified":"2026-06-25T21:12:13.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: mediatek: svs: Fix memory leak in svs_enable_debug_write()\n\nIn svs_enable_debug_write(), the buf allocated by memdup_user_nul()\nis leaked if kstrtoint() fails.\n\nFix this by using __free(kfree) to automatically free buf, eliminating\nthe need for explicit kfree() calls and preventing leaks.\n\n[Angelo: Added missing cleanup.h inclusion]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/soc/mediatek/mtk-svs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"13f1bbcfb5822fcaacfc652017b57b79ffcacefa","lessThan":"47a3e372f7d68776adb749a27c0ec9058ff1b4fd","versionType":"git","status":"affected"},{"version":"13f1bbcfb5822fcaacfc652017b57b79ffcacefa","lessThan":"06195456c4e4de3826c4ca60eca941c472f991d0","versionType":"git","status":"affected"},{"version":"13f1bbcfb5822fcaacfc652017b57b79ffcacefa","lessThan":"a58c97828911c0b6e25d6b556789da974003efda","versionType":"git","status":"affected"},{"version":"13f1bbcfb5822fcaacfc652017b57b79ffcacefa","lessThan":"0f6498077faa9cd89bb787bcc57063494a6f0601","versionType":"git","status":"affected"},{"version":"13f1bbcfb5822fcaacfc652017b57b79ffcacefa","lessThan":"6bb10466e0884b4a68d4a1f3f4bb87eeb471c18a","versionType":"git","status":"affected"},{"version":"13f1bbcfb5822fcaacfc652017b57b79ffcacefa","lessThan":"6259094ee806fb813ca95894c65fb80e2ec98bf1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/soc/mediatek/mtk-svs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.165","matchCriteriaId":"CCAEAB8E-BC62-4F74-ABC0-E38788A92B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/06195456c4e4de3826c4ca60eca941c472f991d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0f6498077faa9cd89bb787bcc57063494a6f0601","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47a3e372f7d68776adb749a27c0ec9058ff1b4fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6259094ee806fb813ca95894c65fb80e2ec98bf1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6bb10466e0884b4a68d4a1f3f4bb87eeb471c18a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a58c97828911c0b6e25d6b556789da974003efda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45882","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.047","lastModified":"2026-06-25T21:12:16.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/pm8916_bms_vm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"098bce1838e0549228c8d426e5de72ec5594b5c4","lessThan":"b69bb88e20c6f8e998dff3e13a316207f49d3fa2","versionType":"git","status":"affected"},{"version":"098bce1838e0549228c8d426e5de72ec5594b5c4","lessThan":"a8b7117ae3a791c6a328674d05a06cd45d8241bd","versionType":"git","status":"affected"},{"version":"098bce1838e0549228c8d426e5de72ec5594b5c4","lessThan":"17db6b3abd823c9fba3f3413c4f0f432d99d49dc","versionType":"git","status":"affected"},{"version":"098bce1838e0549228c8d426e5de72ec5594b5c4","lessThan":"62914959b35e9a1e29cc0f64cb8cfc5075a5366f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/pm8916_bms_vm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17db6b3abd823c9fba3f3413c4f0f432d99d49dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/62914959b35e9a1e29cc0f64cb8cfc5075a5366f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8b7117ae3a791c6a328674d05a06cd45d8241bd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b69bb88e20c6f8e998dff3e13a316207f49d3fa2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45883","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.170","lastModified":"2026-06-25T21:12:29.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: sca3000: Fix a resource leak in sca3000_probe()\n\nspi->irq from request_threaded_irq() not released when\niio_device_register() fails. Add an return value check and jump to a\ncommon error handler when iio_device_register() fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iio/accel/sca3000.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"55e13abf22c27a3b0ab5cf941dd07a2d9786736c","versionType":"git","status":"affected"},{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"40c860ece22542178cddcf01b08644bcdbc597b3","versionType":"git","status":"affected"},{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"597d749c5180f3e351837e851a6131b140324e9f","versionType":"git","status":"affected"},{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"e8e960c3d23fdb4882d70d34ce762368da0f1427","versionType":"git","status":"affected"},{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"103ac8e3a7f345a0966ef582b8a874ac31a92c7c","versionType":"git","status":"affected"},{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"517d9f2b963089b3d64c23accf7920d77f5a30c8","versionType":"git","status":"affected"},{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"84d3c396d8ae73c24dececfcc4e544ea09311e32","versionType":"git","status":"affected"},{"version":"9a4936dc89a34e002946a6c08b330918ec6afab8","lessThan":"62b44ebc1f2c71db3ca2d4737c52e433f6f03038","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iio/accel/sca3000.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.252","matchCriteriaId":"6237C80F-2950-41ED-A424-2872192E5F12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/103ac8e3a7f345a0966ef582b8a874ac31a92c7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/40c860ece22542178cddcf01b08644bcdbc597b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/517d9f2b963089b3d64c23accf7920d77f5a30c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/55e13abf22c27a3b0ab5cf941dd07a2d9786736c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/597d749c5180f3e351837e851a6131b140324e9f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/62b44ebc1f2c71db3ca2d4737c52e433f6f03038","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84d3c396d8ae73c24dececfcc4e544ea09311e32","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8e960c3d23fdb4882d70d34ce762368da0f1427","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45884","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.290","lastModified":"2026-06-25T21:12:55.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: avoid per-cpu hold underflow in aa_get_buffer\n\nWhen aa_get_buffer() pulls from the per-cpu list it unconditionally\ndecrements cache->hold. If hold reaches 0 while count is still non-zero,\nthe unsigned decrement wraps to UINT_MAX. This keeps hold non-zero for a\nvery long time, so aa_put_buffer() never returns buffers to the global\nlist, which can starve other CPUs and force repeated kmalloc(aa_g_path_max)\nallocations.\n\nGuard the decrement so hold never underflows."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/apparmor/lsm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ea9bae12d02819556db63348db8bd8441eb316f2","lessThan":"202824a1f89a9786c20a3d646a7c88d223abb1b2","versionType":"git","status":"affected"},{"version":"ea9bae12d02819556db63348db8bd8441eb316f2","lessThan":"80c334acc6d0bee8605a358a33e69b4aea1ffb92","versionType":"git","status":"affected"},{"version":"ea9bae12d02819556db63348db8bd8441eb316f2","lessThan":"4bcddd0f6b2e52b4c7b520e4d36a115caf5b7169","versionType":"git","status":"affected"},{"version":"ea9bae12d02819556db63348db8bd8441eb316f2","lessThan":"640cf2f09575c9dc344b3f7be2498d31e3923ead","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/apparmor/lsm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/202824a1f89a9786c20a3d646a7c88d223abb1b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4bcddd0f6b2e52b4c7b520e4d36a115caf5b7169","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/640cf2f09575c9dc344b3f7be2498d31e3923ead","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80c334acc6d0bee8605a358a33e69b4aea1ffb92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45885","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.417","lastModified":"2026-06-25T21:13:05.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: cpcap-battery: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/cpcap-battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"c549dd3de4b3f6e726d1b8386d40ccf7d3abdbe4","versionType":"git","status":"affected"},{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"3ff75cba1c98349a23a8f9333981deba1972cc11","versionType":"git","status":"affected"},{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"2ce2334be155bd8bad6377e99984246ce4dbd08c","versionType":"git","status":"affected"},{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"cbb9b07f88a9ef6518934c41eb3e8cf840d657d5","versionType":"git","status":"affected"},{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"f3fbe309c9bfe1aac1e2b26543e9dc4829f3275a","versionType":"git","status":"affected"},{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"2841bbb5a35c4449c0a0458e8e476b2a62f95147","versionType":"git","status":"affected"},{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"e261be6f18929f2397cd54cd583a2df624c129c1","versionType":"git","status":"affected"},{"version":"874b2adbed1253a11549cb9b7b912ab65fea9cf2","lessThan":"642f33e34b969eedec334738fd5df95d2dc42742","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/cpcap-battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.10.252","matchCriteriaId":"31A910C0-02A8-44D3-BAFE-9E8657D95FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2841bbb5a35c4449c0a0458e8e476b2a62f95147","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ce2334be155bd8bad6377e99984246ce4dbd08c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3ff75cba1c98349a23a8f9333981deba1972cc11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/642f33e34b969eedec334738fd5df95d2dc42742","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c549dd3de4b3f6e726d1b8386d40ccf7d3abdbe4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cbb9b07f88a9ef6518934c41eb3e8cf840d657d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e261be6f18929f2397cd54cd583a2df624c129c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f3fbe309c9bfe1aac1e2b26543e9dc4829f3275a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45886","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.567","lastModified":"2026-06-25T21:13:18.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix bpf_xdp_store_bytes proto for read-only arg\n\nWhile making some maps in Cilium read-only from the BPF side, we noticed\nthat the bpf_xdp_store_bytes proto is incorrect. In particular, the\nverifier was throwing the following error:\n\n  ; ret = ctx_store_bytes(ctx, l3_off + offsetof(struct iphdr, saddr),\n                          &nat->address, 4, 0);\n  635: (79) r1 = *(u64 *)(r10 -144)     ; R1=ctx() R10=fp0 fp-144=ctx()\n  636: (b4) w2 = 26                     ; R2=26\n  637: (b4) w4 = 4                      ; R4=4\n  638: (b4) w5 = 0                      ; R5=0\n  639: (85) call bpf_xdp_store_bytes#190\n  write into map forbidden, value_size=6 off=0 size=4\n\nnat comes from a BPF_F_RDONLY_PROG map, so R3 is a PTR_TO_MAP_VALUE.\nThe verifier checks the helper's memory access to R3 in\ncheck_mem_size_reg, as it reaches ARG_CONST_SIZE argument. The third\nargument has expected type ARG_PTR_TO_UNINIT_MEM, which includes the\nMEM_WRITE flag. The verifier thus checks for a BPF_WRITE access on R3.\nGiven R3 points to a read-only map, the check fails.\n\nConversely, ARG_PTR_TO_UNINIT_MEM can also lead to the helper reading\nfrom uninitialized memory.\n\nThis patch simply fixes the expected argument type to match that of\nbpf_skb_store_bytes."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3f364222d032eea6b245780e845ad213dab28cdd","lessThan":"ffb5d1c5e3933b947fc7303ad68bf0c536d0c85e","versionType":"git","status":"affected"},{"version":"3f364222d032eea6b245780e845ad213dab28cdd","lessThan":"ddc34a1b85505c919026ddc82fafdada9a160b15","versionType":"git","status":"affected"},{"version":"3f364222d032eea6b245780e845ad213dab28cdd","lessThan":"0db169a91381a473b7974021d1c02f8da72c5775","versionType":"git","status":"affected"},{"version":"3f364222d032eea6b245780e845ad213dab28cdd","lessThan":"d7b87adeb0eb539b9b824b101bb14fb01e41240b","versionType":"git","status":"affected"},{"version":"3f364222d032eea6b245780e845ad213dab28cdd","lessThan":"57f7f6a0ad04a65c8a7a067b2f56cbbf2aec9e52","versionType":"git","status":"affected"},{"version":"3f364222d032eea6b245780e845ad213dab28cdd","lessThan":"6557f1565d779851c4db9c488c49c05a47a6e72f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.165","matchCriteriaId":"3B9A8D13-BEFF-47C0-956C-415602FDDAAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0db169a91381a473b7974021d1c02f8da72c5775","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57f7f6a0ad04a65c8a7a067b2f56cbbf2aec9e52","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6557f1565d779851c4db9c488c49c05a47a6e72f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7b87adeb0eb539b9b824b101bb14fb01e41240b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ddc34a1b85505c919026ddc82fafdada9a160b15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ffb5d1c5e3933b947fc7303ad68bf0c536d0c85e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45887","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.713","lastModified":"2026-06-25T21:13:24.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix memleak of newsk in unix_stream_connect().\n\nWhen prepare_peercred() fails in unix_stream_connect(),\nunix_release_sock() is not called for newsk, and the memory\nis leaked.\n\nLet's move prepare_peercred() before unix_create1()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fd0a109a0f6b7524543d17520da92a44a9f5343c","lessThan":"365996a2b14d07caa9e33d367b67ea26c09d89b4","versionType":"git","status":"affected"},{"version":"fd0a109a0f6b7524543d17520da92a44a9f5343c","lessThan":"a5d95d7caba0160fb7b2b8d2bd96d5a1be861d9f","versionType":"git","status":"affected"},{"version":"fd0a109a0f6b7524543d17520da92a44a9f5343c","lessThan":"6884028cd7f275f8bcb854a347265cb1fb0e4bea","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.14","matchCriteriaId":"974ECCCC-3CBB-4A66-9A34-82621077D7F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/365996a2b14d07caa9e33d367b67ea26c09d89b4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6884028cd7f275f8bcb854a347265cb1fb0e4bea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5d95d7caba0160fb7b2b8d2bd96d5a1be861d9f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45888","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.813","lastModified":"2026-06-25T21:13:31.330","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: fix memory leak in raid1_run()\n\nraid1_run() calls setup_conf() which registers a thread via\nmd_register_thread(). If raid1_set_limits() fails, the previously\nregistered thread is not unregistered, resulting in a memory leak\nof the md_thread structure and the thread resource itself.\n\nAdd md_unregister_thread() to the error path to properly cleanup\nthe thread, which aligns with the error handling logic of other paths\nin this function.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/raid1.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"97894f7d3c2966164516a8a5109674763d3a55e1","lessThan":"c94fd6e8a71efd047ff36930e840f3c25679e136","versionType":"git","status":"affected"},{"version":"97894f7d3c2966164516a8a5109674763d3a55e1","lessThan":"ec10e3dc93994b87adf7c759a4639fe34013989a","versionType":"git","status":"affected"},{"version":"97894f7d3c2966164516a8a5109674763d3a55e1","lessThan":"b37588b0282a2b3cdda9db1d53712745ce66dea0","versionType":"git","status":"affected"},{"version":"97894f7d3c2966164516a8a5109674763d3a55e1","lessThan":"6abc7d5dcf0ee0f85e16e41c87fbd06231f28753","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/raid1.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.75","matchCriteriaId":"F8A1C6F6-2847-4C53-ABFC-8F07D96900D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6abc7d5dcf0ee0f85e16e41c87fbd06231f28753","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b37588b0282a2b3cdda9db1d53712745ce66dea0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c94fd6e8a71efd047ff36930e840f3c25679e136","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec10e3dc93994b87adf7c759a4639fe34013989a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45889","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:02.927","lastModified":"2026-06-25T21:11:20.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: do not account for OoO in mptcp_rcvbuf_grow()\n\nMPTCP-level OoOs are physiological when multiple subflows are active\nconcurrently and will not cause retransmissions nor are caused by\ndrops.\n\nAccounting for them in mptcp_rcvbuf_grow() causes the rcvbuf slowly\ndrifting towards tcp_rmem[2].\n\nRemove such accounting. Note that subflows will still account for TCP-level\nOoO when the MPTCP-level rcvbuf is propagated.\n\nThis also closes a subtle and very unlikely race condition with rcvspace\ninit; active sockets with user-space holding the msk-level socket lock,\ncould complete such initialization in the receive callback, after that the\nfirst OoO data reaches the rcvbuf and potentially triggering a divide by\nzero Oops."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/mptcp/protocol.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e118cdc34dd109562b64f6a397f68cd33b041d5b","lessThan":"fb7bf00b04a6b48859f52035d4e745848c2b4c79","versionType":"git","status":"affected"},{"version":"e118cdc34dd109562b64f6a397f68cd33b041d5b","lessThan":"400ee4854adef1e4983812a3decf6717ea020136","versionType":"git","status":"affected"},{"version":"e118cdc34dd109562b64f6a397f68cd33b041d5b","lessThan":"6b329393502e5857662b851a13f947209c588587","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/mptcp/protocol.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.14","matchCriteriaId":"3E0E101B-8972-4E77-80E0-D97AC3CA57C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/400ee4854adef1e4983812a3decf6717ea020136","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6b329393502e5857662b851a13f947209c588587","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb7bf00b04a6b48859f52035d4e745848c2b4c79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45890","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.040","lastModified":"2026-06-25T21:13:36.357","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netback: reject zero-queue configuration from guest\n\nA malicious or buggy Xen guest can write \"0\" to the xenbus key\n\"multi-queue-num-queues\". The connect() function in the backend only\nvalidates the upper bound (requested_num_queues > xenvif_max_queues)\nbut not zero, allowing requested_num_queues=0 to reach\nvzalloc(array_size(0, sizeof(struct xenvif_queue))), which triggers\nWARN_ON_ONCE(!size) in __vmalloc_node_range().\n\nOn systems with panic_on_warn=1, this allows a guest-to-host denial\nof service.\n\nThe Xen network interface specification requires\nthe queue count to be \"greater than zero\".\n\nAdd a zero check to match the validation already present\nin xen-blkback, which has included this\nguard since its multi-queue support was added."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/xen-netback/xenbus.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"2993e0f904c45f8af12917344bb1cac7ccd05a60","versionType":"git","status":"affected"},{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"787bfa423228c4b02ba3368128f625d579085353","versionType":"git","status":"affected"},{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"ce66d6786de45b7ed9cbbdc0988054bf09e58f54","versionType":"git","status":"affected"},{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"88b0fced1bbbfdb356a007592604008ffc93a6a1","versionType":"git","status":"affected"},{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"ec4859ac5c933e3315543a61adc1ca4358006a41","versionType":"git","status":"affected"},{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"654780dee9eae419e1648ea58462c4efe54518fa","versionType":"git","status":"affected"},{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"d99f69ddc70fd9f4b8148add62209a1a8eb5c615","versionType":"git","status":"affected"},{"version":"8d3d53b3e43363e79ab9a9ecc149b06c1314b25d","lessThan":"6d1dc8014334c7fb25719999bca84d811e60a559","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/xen-netback/xenbus.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.16","status":"affected"},{"version":"0","lessThan":"3.16","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16","versionEndExcluding":"5.10.252","matchCriteriaId":"40A01DC6-4E7C-4A4D-B8D2-5B062D9A72B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2993e0f904c45f8af12917344bb1cac7ccd05a60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/654780dee9eae419e1648ea58462c4efe54518fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d1dc8014334c7fb25719999bca84d811e60a559","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/787bfa423228c4b02ba3368128f625d579085353","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/88b0fced1bbbfdb356a007592604008ffc93a6a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce66d6786de45b7ed9cbbdc0988054bf09e58f54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d99f69ddc70fd9f4b8148add62209a1a8eb5c615","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec4859ac5c933e3315543a61adc1ca4358006a41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45891","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.183","lastModified":"2026-06-25T21:11:03.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix double free issue for tx spare buffer\n\nIn hns3_set_ringparam(), a temporary copy (tmp_rings) of the ring structure\nis created for rollback. However, the tx_spare pointer in the original\nring handle is incorrectly left pointing to the old backup memory.\n\nLater, if memory allocation fails in hns3_init_all_ring() during the setup,\nthe error path attempts to free all newly allocated rings. Since tx_spare\ncontains a stale (non-NULL) pointer from the backup, it is mistaken for\na newly allocated buffer and is erroneously freed, leading to a double-free\nof the backup memory.\n\nThe root cause is that the tx_spare field was not cleared after its value\nwas saved in tmp_rings, leaving a dangling pointer.\n\nFix this by setting tx_spare to NULL in the original ring structure\nwhen the creation of the new `tx_spare` fails. This ensures the\nerror cleanup path only frees genuinely newly allocated buffers."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"907676b130711fd1f627824559e92259db2061d1","lessThan":"fb6a4c376d454b425555b1b0bda36e99f56ec307","versionType":"git","status":"affected"},{"version":"907676b130711fd1f627824559e92259db2061d1","lessThan":"43015461662d41dcfb3bb95fadd8a2a42ad8eacf","versionType":"git","status":"affected"},{"version":"907676b130711fd1f627824559e92259db2061d1","lessThan":"6dc10494cfe27b6f1e9adb7e293293ae39c50b7c","versionType":"git","status":"affected"},{"version":"907676b130711fd1f627824559e92259db2061d1","lessThan":"d2c785733dfb853ea0b53984c75662a1af230a94","versionType":"git","status":"affected"},{"version":"907676b130711fd1f627824559e92259db2061d1","lessThan":"fdbccddb7e7822016601829f95de4008e193f7bc","versionType":"git","status":"affected"},{"version":"907676b130711fd1f627824559e92259db2061d1","lessThan":"c3659273860bed0c8e573b865e3769abc51225a8","versionType":"git","status":"affected"},{"version":"907676b130711fd1f627824559e92259db2061d1","lessThan":"6d2f142b1e4b203387a92519d9d2e34752a79dbb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.202","matchCriteriaId":"073AF12C-E4C9-43A0-A31D-73F15E62199C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/43015461662d41dcfb3bb95fadd8a2a42ad8eacf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d2f142b1e4b203387a92519d9d2e34752a79dbb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6dc10494cfe27b6f1e9adb7e293293ae39c50b7c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3659273860bed0c8e573b865e3769abc51225a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d2c785733dfb853ea0b53984c75662a1af230a94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb6a4c376d454b425555b1b0bda36e99f56ec307","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdbccddb7e7822016601829f95de4008e193f7bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45892","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.353","lastModified":"2026-06-25T21:11:06.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop extent cache after doing PARTIAL_VALID1 zeroout\n\nWhen splitting an unwritten extent in the middle and converting it to\ninitialized in ext4_split_extent() with the EXT4_EXT_MAY_ZEROOUT and\nEXT4_EXT_DATA_VALID2 flags set, it could leave a stale unwritten extent.\n\nAssume we have an unwritten file and buffered write in the middle of it\nwithout dioread_nolock enabled, it will allocate blocks as written\nextent.\n\n       0  A      B  N\n       [UUUUUUUUUUUU] on-disk extent      U: unwritten extent\n       [UUUUUUUUUUUU] extent status tree\n       [--DDDDDDDD--]                     D: valid data\n          |<-  ->| ----> this range needs to be initialized\n\next4_split_extent() first try to split this extent at B with\nEXT4_EXT_DATA_PARTIAL_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but\next4_split_extent_at() failed to split this extent due to temporary lack\nof space. It zeroout B to N and leave the entire extent as unwritten.\n\n       0  A      B  N\n       [UUUUUUUUUUUU] on-disk extent\n       [UUUUUUUUUUUU] extent status tree\n       [--DDDDDDDDZZ]                     Z: zeroed data\n\next4_split_extent() then try to split this extent at A with\nEXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and\nleave an written extent from A to N.\n\n       0  A      B  N\n       [UUWWWWWWWWWW] on-disk extent      W: written extent\n       [UUUUUUUUUUUU] extent status tree\n       [--DDDDDDDDZZ]\n\nFinally ext4_map_create_blocks() only insert extent A to B to the extent\nstatus tree, and leave an stale unwritten extent in the status tree.\n\n       0  A      B  N\n       [UUWWWWWWWWWW] on-disk extent      W: written extent\n       [UUWWWWWWWWUU] extent status tree\n       [--DDDDDDDDZZ]\n\nFix this issue by always cached extent status entry after zeroing out\nthe second part."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ddf854e59166533b0f46ba32cd6cd9aca3197d1b","lessThan":"28db4bfc6f82fd20e2aadb7fc162244109a4eb31","versionType":"git","status":"affected"},{"version":"58ddae5d77b1db3a27b891c75a8fa120239ac092","lessThan":"f0931a5c17005a0c4fc35bd1a001245effc3354b","versionType":"git","status":"affected"},{"version":"d17857b4fb9ba5745b59be0ef38fd532991fccbf","lessThan":"d8ee559fccdef713f058cfe5f2c03dc9b18be3b1","versionType":"git","status":"affected"},{"version":"d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88","lessThan":"c2ee51d684adca7645e4aa74adca13f6750390bc","versionType":"git","status":"affected"},{"version":"7015fcf473796e1d2d876f241bd9e0c36f3d4eef","lessThan":"a1b962a821e7a52d48212ae269b45808b4411267","versionType":"git","status":"affected"},{"version":"1bf6974822d1dba86cf11b5f05498581cf3488a2","lessThan":"6d882ea3b0931b43530d44149b79fcd4ffc13030","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.1.167","lessThan":"6.1.168","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1.167:*:*:*:*:*:*:*","matchCriteriaId":"B898A4FB-4E74-40F7-B523-B71FFB681B6D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/28db4bfc6f82fd20e2aadb7fc162244109a4eb31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6d882ea3b0931b43530d44149b79fcd4ffc13030","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a1b962a821e7a52d48212ae269b45808b4411267","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2ee51d684adca7645e4aa74adca13f6750390bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d8ee559fccdef713f058cfe5f2c03dc9b18be3b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0931a5c17005a0c4fc35bd1a001245effc3354b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45893","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.487","lastModified":"2026-06-25T21:10:15.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix & Optimize table creation from possibly unaligned memory\n\nSource blob may come from userspace and might be unaligned.\nTry to optize the copying process by avoiding unaligned memory accesses.\n\n- Added Fixes tag\n- Added \"Fix &\" to description as this doesn't just optimize but fixes\n        a potential unaligned memory access\n[jj: remove duplicate word \"convert\" in comment trigger checkpatch warning]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/apparmor/include/match.h","security/apparmor/match.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e6e8bf418850d7958311a96ccfb594f2bcc8313e","lessThan":"47e351dfef60ab0e3285133556e1a9c7f646a969","versionType":"git","status":"affected"},{"version":"e6e8bf418850d7958311a96ccfb594f2bcc8313e","lessThan":"e027999049c493fb728ead5a90db76942181a935","versionType":"git","status":"affected"},{"version":"e6e8bf418850d7958311a96ccfb594f2bcc8313e","lessThan":"226c3b10aab23f73b03c47e7773107de56ba3a4e","versionType":"git","status":"affected"},{"version":"e6e8bf418850d7958311a96ccfb594f2bcc8313e","lessThan":"6fc367bfd4c8886e6b1742aabbd1c0bdc310db3a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/apparmor/include/match.h","security/apparmor/match.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.12.75","matchCriteriaId":"9460E9E9-5019-444D-B0AD-BB3A9C752456"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/226c3b10aab23f73b03c47e7773107de56ba3a4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47e351dfef60ab0e3285133556e1a9c7f646a969","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6fc367bfd4c8886e6b1742aabbd1c0bdc310db3a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e027999049c493fb728ead5a90db76942181a935","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45894","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.610","lastModified":"2026-06-25T21:10:07.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Clear Present bit before tearing down PASID entry\n\nThe Intel VT-d Scalable Mode PASID table entry consists of 512 bits (64\nbytes). When tearing down an entry, the current implementation zeros the\nentire 64-byte structure immediately using multiple 64-bit writes.\n\nSince the IOMMU hardware may fetch these 64 bytes using multiple\ninternal transactions (e.g., four 128-bit bursts), updating or zeroing\nthe entire entry while it is active (P=1) risks a \"torn\" read. If a\nhardware fetch occurs simultaneously with the CPU zeroing the entry, the\nhardware could observe an inconsistent state, leading to unpredictable\nbehavior or spurious faults.\n\nFollow the \"Guidance to Software for Invalidations\" in the VT-d spec\n(Section 6.5.3.3) by implementing the recommended ownership handshake:\n\n1. Clear only the 'Present' (P) bit of the PASID entry.\n2. Use a dma_wmb() to ensure the cleared bit is visible to hardware\n   before proceeding.\n3. Execute the required invalidation sequence (PASID cache, IOTLB, and\n   Device-TLB flush) to ensure the hardware has released all cached\n   references.\n4. Only after the flushes are complete, zero out the remaining fields\n   of the PASID entry.\n\nAlso, add a dma_wmb() in pasid_set_present() to ensure that all other\nfields of the PASID entry are visible to the hardware before the Present\nbit is set."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iommu/intel/pasid.c","drivers/iommu/intel/pasid.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0bbeb01a4fafbf8422e5c8882d461d6ac4f71e15","lessThan":"a84d30e8d2bacd21782a6481158b7c9c552f4868","versionType":"git","status":"affected"},{"version":"0bbeb01a4fafbf8422e5c8882d461d6ac4f71e15","lessThan":"821807c167b7b48a41b95b6607c6b9f97600f7d9","versionType":"git","status":"affected"},{"version":"0bbeb01a4fafbf8422e5c8882d461d6ac4f71e15","lessThan":"949d71666e9dd19f21e7b4b53a88cd2c5b902858","versionType":"git","status":"affected"},{"version":"0bbeb01a4fafbf8422e5c8882d461d6ac4f71e15","lessThan":"75ed00055c059dedc47b5daaaa2f8a7a019138ff","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iommu/intel/pasid.c","drivers/iommu/intel/pasid.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.1,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"6.12.75","matchCriteriaId":"458DA2B3-ABC5-462C-B5EE-93B1A52049FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/75ed00055c059dedc47b5daaaa2f8a7a019138ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/821807c167b7b48a41b95b6607c6b9f97600f7d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/949d71666e9dd19f21e7b4b53a88cd2c5b902858","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a84d30e8d2bacd21782a6481158b7c9c552f4868","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45895","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.733","lastModified":"2026-06-25T21:09:58.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nquota: fix livelock between quotactl and freeze_super\n\nWhen a filesystem is frozen, quotactl_block() enters a retry loop\nwaiting for the filesystem to thaw. It acquires s_umount, checks the\nfreeze state, drops s_umount and uses sb_start_write() - sb_end_write()\npair to wait for the unfreeze.\n\nHowever, this retry loop can trigger a livelock issue, specifically on\nkernels with preemption disabled.\n\nThe mechanism is as follows:\n1. freeze_super() sets SB_FREEZE_WRITE and calls sb_wait_write().\n2. sb_wait_write() calls percpu_down_write(), which initiates\n   synchronize_rcu().\n3. Simultaneously, quotactl_block() spins in its retry loop, immediately\n   executing the sb_start_write() - sb_end_write() pair.\n4. Because the kernel is non-preemptible and the loop contains no\n   scheduling points, quotactl_block() never yields the CPU. This\n   prevents that CPU from reaching an RCU quiescent state.\n5. synchronize_rcu() in the freezer thread waits indefinitely for the\n   quotactl_block() CPU to report a quiescent state.\n6. quotactl_block() spins indefinitely waiting for the freezer to\n   advance, which it cannot do as it is blocked on the RCU sync.\n\nThis results in a hang of the freezer process and 100% CPU usage by the\nquota process.\n\nWhile this can occur intermittently on multi-core systems, it is\nreliably reproducing on a node with the following script, running both\nthe freezer and the quota toggle on the same CPU:\n\n  # mkfs.ext4 -O quota /dev/sda 2g && mkdir a_mount\n  # mount /dev/sda -o quota,usrquota,grpquota a_mount\n  # taskset -c 3 bash -c \"while true; do xfs_freeze -f a_mount; \\\n    xfs_freeze -u a_mount; done\" &\n  # taskset -c 3 bash -c \"while true; do quotaon a_mount; \\\n    quotaoff a_mount; done\" &\n\nAdding cond_resched() to the retry loop fixes the issue. It acts as an\nRCU quiescent state, allowing synchronize_rcu() in percpu_down_write()\nto complete."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/quota/quota.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"576215cffdefc1f0ceebffd87abb390926e6b037","lessThan":"37ccd48cf35f3c8b9f2ea961a7b486b91eb71a82","versionType":"git","status":"affected"},{"version":"576215cffdefc1f0ceebffd87abb390926e6b037","lessThan":"414259caf81a397563fc9baca9c0ef856c4a97cf","versionType":"git","status":"affected"},{"version":"576215cffdefc1f0ceebffd87abb390926e6b037","lessThan":"02bb1500f1479750e6557c8044f6a2d7e9d30c12","versionType":"git","status":"affected"},{"version":"576215cffdefc1f0ceebffd87abb390926e6b037","lessThan":"53b2314b26b6640a3657cc924de63a1a8f26ac4d","versionType":"git","status":"affected"},{"version":"576215cffdefc1f0ceebffd87abb390926e6b037","lessThan":"77449e453dfc006ad738dec55374c4cbc056fd39","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/quota/quota.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.128","matchCriteriaId":"A502C6C1-0CFB-4C9B-8A24-C76507206FA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/02bb1500f1479750e6557c8044f6a2d7e9d30c12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37ccd48cf35f3c8b9f2ea961a7b486b91eb71a82","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/414259caf81a397563fc9baca9c0ef856c4a97cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53b2314b26b6640a3657cc924de63a1a8f26ac4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/77449e453dfc006ad738dec55374c4cbc056fd39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45896","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.860","lastModified":"2026-06-25T21:09:48.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: intel-dg: Fix accessing regions before setting nregions\n\nThe regions array is counted by nregions, but it's set only after\naccessing it:\n\n[] UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd_intel_dg.c:750:15\n[] index 0 is out of range for type '<unknown> [*]'\n\nFix it by also fixing an undesired behavior: the loop silently ignores\nENOMEM and continues setting the other entries."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/mtd/devices/mtd_intel_dg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ceb5ab3cb64637952657be23d347e1c79dd02212","lessThan":"721bd22bcf45a63ebd9bd0f478ef721b45cc5383","versionType":"git","status":"affected"},{"version":"ceb5ab3cb64637952657be23d347e1c79dd02212","lessThan":"d58fca8513414b15387460b14a7a0a30405b9c9e","versionType":"git","status":"affected"},{"version":"ceb5ab3cb64637952657be23d347e1c79dd02212","lessThan":"779c59274d03cc5c07237a2c845dfb71cff77705","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/mtd/devices/mtd_intel_dg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.14","matchCriteriaId":"26EE06AD-A558-4B3A-9C7C-9EBD5CF65449"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/721bd22bcf45a63ebd9bd0f478ef721b45cc5383","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/779c59274d03cc5c07237a2c845dfb71cff77705","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d58fca8513414b15387460b14a7a0a30405b9c9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45897","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:03.977","lastModified":"2026-06-25T21:09:45.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nft_counter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3cb03edb4de33fd04c4ea55f47397b96a8657c53","lessThan":"0cdc6d5a26f2d1f7f15a43526841b679445c32e2","versionType":"git","status":"affected"},{"version":"3cb03edb4de33fd04c4ea55f47397b96a8657c53","lessThan":"779c60a5190c42689534172f4b49e927c9959e4e","versionType":"git","status":"affected"},{"version":"fb1adb05ea87b6149e65a31e511756c4f470d0cd","versionType":"git","status":"affected"},{"version":"f123293db16dcd0cd81b246ae60e6362f0025d0a","versionType":"git","status":"affected"},{"version":"6.1.107","lessThan":"6.2","versionType":"semver","status":"affected"},{"version":"6.6.48","lessThan":"6.7","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nft_counter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.107","versionEndExcluding":"6.2","matchCriteriaId":"8A1E4A4D-E736-4034-B734-953CD5D22F1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.48","versionEndExcluding":"6.19.4","matchCriteriaId":"B3E44F97-A592-4211-A207-407DFC22549C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45899","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:04.227","lastModified":"2026-06-25T21:09:27.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop extent cache when splitting extent fails\n\nWhen the split extent fails, we might leave some extents still being\nprocessed and return an error directly, which will result in stale\nextent entries remaining in the extent status tree. So drop all of the\nremaining potentially stale extents if the splitting fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"6e54f8dfee359bbd58086c883ea8cffd5312999d","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"337506dc652383c80839edb8d8dcdd8ff2129b4f","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"dc7c9b9d03a59a7fe483574531327e650a4b4adc","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"120c6bd7ca9d3e80a968b758cbb3fbd67570f132","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"808f3191498f300174523c54cab101e18795ae4e","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"31bf37cf53ede8145e2bc62da803d4506da92975","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"79b592e8f1b435796cbc2722190368e3e8ffd7a1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.12","status":"affected"},{"version":"0","lessThan":"3.12","versionType":"semver","status":"unaffected"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.10.253","matchCriteriaId":"0ECA9FA3-7D5A-47DF-96CD-50ED0F72C020"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.6.130","matchCriteriaId":"BA396CE4-960C-4CDD-8691-B9AE924E2BB0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/120c6bd7ca9d3e80a968b758cbb3fbd67570f132","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/31bf37cf53ede8145e2bc62da803d4506da92975","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/337506dc652383c80839edb8d8dcdd8ff2129b4f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e54f8dfee359bbd58086c883ea8cffd5312999d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/79b592e8f1b435796cbc2722190368e3e8ffd7a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/808f3191498f300174523c54cab101e18795ae4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc7c9b9d03a59a7fe483574531327e650a4b4adc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45900","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:04.360","lastModified":"2026-06-24T16:35:57.417","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - fix netdev memory leak in dpaa2_caam_probe\n\nWhen commit 0e1a4d427f58 (\"crypto: caam: Unembed net_dev structure in\ndpaa2\") converted embedded net_device to dynamically allocated pointers,\nit added cleanup in dpaa2_dpseci_disable() but missed adding cleanup in\ndpaa2_dpseci_free() for error paths.\n\nThis causes memory leaks when dpaa2_dpseci_dpio_setup() fails during probe\ndue to DPIO devices not being ready yet. The kernel's deferred probe\nmechanism handles the retry successfully, but the netdevs allocated during\nthe failed probe attempt are never freed, resulting in kmemleak reports\nshowing multiple leaked netdev-related allocations all traced back to\ndpaa2_caam_probe().\n\nFix this by preserving the CPU mask of allocated netdevs during setup and\nusing it for cleanup in dpaa2_dpseci_free(). This approach ensures that\nonly the CPUs that actually had netdevs allocated will be cleaned up,\navoiding potential issues with CPU hotplug scenarios."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/caam/caamalg_qi2.c","drivers/crypto/caam/caamalg_qi2.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0e1a4d427f58b843864d835ccb79c32a118c6a77","lessThan":"d5c6f254528caf78d5de7d9646dc21c81d351827","versionType":"git","status":"affected"},{"version":"0e1a4d427f58b843864d835ccb79c32a118c6a77","lessThan":"d7decb572b55d2af33e59e9858fcee5d9ae69175","versionType":"git","status":"affected"},{"version":"0e1a4d427f58b843864d835ccb79c32a118c6a77","lessThan":"e144cce29851610ce9c6eda405ce21118779aa51","versionType":"git","status":"affected"},{"version":"0e1a4d427f58b843864d835ccb79c32a118c6a77","lessThan":"7d43252b3060b0ba4a192dce5dba85a3f39ffe39","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/caam/caamalg_qi2.c","drivers/crypto/caam/caamalg_qi2.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7d43252b3060b0ba4a192dce5dba85a3f39ffe39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5c6f254528caf78d5de7d9646dc21c81d351827","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7decb572b55d2af33e59e9858fcee5d9ae69175","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e144cce29851610ce9c6eda405ce21118779aa51","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45901","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:04.483","lastModified":"2026-06-24T16:35:44.580","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: revert commit_mutex usage in reset path\n\nIt causes circular lock dependency between commit_mutex, nfnl_subsys_ipset\nand nlk_cb_mutex when nft reset, ipset list, and iptables-nft with '-m set'\nrule run at the same time.\n\nPrevious patches made it safe to run individual reset handlers concurrently\nso commit_mutex is no longer required to prevent this."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nf_tables_api.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3cb03edb4de33fd04c4ea55f47397b96a8657c53","lessThan":"ee3978b6a0dcd4215cb7cedcba705a12174786a7","versionType":"git","status":"affected"},{"version":"3cb03edb4de33fd04c4ea55f47397b96a8657c53","lessThan":"7f261bb906bf527c4a6e2a646e2d5f3679f2a8bc","versionType":"git","status":"affected"},{"version":"fb1adb05ea87b6149e65a31e511756c4f470d0cd","versionType":"git","status":"affected"},{"version":"f123293db16dcd0cd81b246ae60e6362f0025d0a","versionType":"git","status":"affected"},{"version":"6.1.107","lessThan":"6.2","versionType":"semver","status":"affected"},{"version":"6.6.48","lessThan":"6.7","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nf_tables_api.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.107","versionEndExcluding":"6.2","matchCriteriaId":"8A1E4A4D-E736-4034-B734-953CD5D22F1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.48","versionEndExcluding":"6.19.4","matchCriteriaId":"B3E44F97-A592-4211-A207-407DFC22549C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7f261bb906bf527c4a6e2a646e2d5f3679f2a8bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee3978b6a0dcd4215cb7cedcba705a12174786a7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45902","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:04.583","lastModified":"2026-06-24T16:29:02.353","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq256xx: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/bq256xx_charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"32e4978bb920d047fe5de3ea42d176f267c01f63","lessThan":"81d3688c9a2158329391e08f2d0b8ba204216044","versionType":"git","status":"affected"},{"version":"32e4978bb920d047fe5de3ea42d176f267c01f63","lessThan":"74b5a88318db97d51bb40f774736553c2acd1514","versionType":"git","status":"affected"},{"version":"32e4978bb920d047fe5de3ea42d176f267c01f63","lessThan":"cb5c743936edcebc51880eeb6bf04979b5c9438b","versionType":"git","status":"affected"},{"version":"32e4978bb920d047fe5de3ea42d176f267c01f63","lessThan":"83c27fdd696ac13d023ef7a0345301be93209c53","versionType":"git","status":"affected"},{"version":"32e4978bb920d047fe5de3ea42d176f267c01f63","lessThan":"4b6fb0b6124f558131e502e3ffd03e6583b3ace6","versionType":"git","status":"affected"},{"version":"32e4978bb920d047fe5de3ea42d176f267c01f63","lessThan":"8796910131a32ff29275052df768ef022929a394","versionType":"git","status":"affected"},{"version":"32e4978bb920d047fe5de3ea42d176f267c01f63","lessThan":"8005843369723d9c8975b7c4202d1b85d6125302","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/bq256xx_charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.12","status":"affected"},{"version":"0","lessThan":"5.12","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.15.202","matchCriteriaId":"D50913C4-6689-4F0C-A587-7397F492A17C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4b6fb0b6124f558131e502e3ffd03e6583b3ace6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/74b5a88318db97d51bb40f774736553c2acd1514","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8005843369723d9c8975b7c4202d1b85d6125302","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81d3688c9a2158329391e08f2d0b8ba204216044","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83c27fdd696ac13d023ef7a0345301be93209c53","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8796910131a32ff29275052df768ef022929a394","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb5c743936edcebc51880eeb6bf04979b5c9438b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45903","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:04.710","lastModified":"2026-06-24T16:28:55.553","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memory access flags in helper prototypes\n\nAfter commit 37cce22dbd51 (\"bpf: verifier: Refactor helper access type tracking\"),\nthe verifier started relying on the access type flags in helper\nfunction prototypes to perform memory access optimizations.\n\nCurrently, several helper functions utilizing ARG_PTR_TO_MEM lack the\ncorresponding MEM_RDONLY or MEM_WRITE flags. This omission causes the\nverifier to incorrectly assume that the buffer contents are unchanged\nacross the helper call. Consequently, the verifier may optimize away\nsubsequent reads based on this wrong assumption, leading to correctness\nissues.\n\nFor bpf_get_stack_proto_raw_tp, the original MEM_RDONLY was incorrect\nsince the helper writes to the buffer. Change it to ARG_PTR_TO_UNINIT_MEM\nwhich correctly indicates write access to potentially uninitialized memory.\n\nSimilar issues were recently addressed for specific helpers in commit\nac44dcc788b9 (\"bpf: Fix verifier assumptions of bpf_d_path's output buffer\")\nand commit 2eb7648558a7 (\"bpf: Specify access type of bpf_sysctl_get_name args\").\n\nFix these prototypes by adding the correct memory access flags."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/helpers.c","kernel/bpf/syscall.c","kernel/trace/bpf_trace.c","net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"37cce22dbd51a3ef7f6c08c3fb5f1c5075a17fbb","lessThan":"fdfe75161f6e8c41a7d3023fbb815b537107b806","versionType":"git","status":"affected"},{"version":"37cce22dbd51a3ef7f6c08c3fb5f1c5075a17fbb","lessThan":"aa319592892068bd960c1a1c07bd621085b0c63d","versionType":"git","status":"affected"},{"version":"37cce22dbd51a3ef7f6c08c3fb5f1c5075a17fbb","lessThan":"802eef5afb1865bc5536a5302c068ba2215a1f72","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/helpers.c","kernel/bpf/syscall.c","kernel/trace/bpf_trace.c","net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.14","matchCriteriaId":"C969BF0A-760D-435A-9705-6ED20216C1BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/802eef5afb1865bc5536a5302c068ba2215a1f72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aa319592892068bd960c1a1c07bd621085b0c63d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdfe75161f6e8c41a7d3023fbb815b537107b806","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45904","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:04.820","lastModified":"2026-06-24T16:28:46.760","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling\n\nThe recent commit 1010b4c012b0 (\"powerpc/eeh: Make EEH driver device\nhotplug safe\") restructured the EEH driver to improve synchronization\nwith the PCI hotplug layer.\n\nHowever, it inadvertently moved pci_lock_rescan_remove() outside its\nintended scope in eeh_handle_normal_event(), leading to broken PCI\nerror reporting and improper EEH event triggering. Specifically,\neeh_handle_normal_event() acquired pci_lock_rescan_remove() before\ncalling eeh_pe_bus_get(), but eeh_pe_bus_get() itself attempts to\nacquire the same lock internally, causing nested locking and disrupting\nnormal EEH event handling paths.\n\nThis patch adds a boolean parameter do_lock to _eeh_pe_bus_get(),\nwith two public wrappers:\n    eeh_pe_bus_get() with locking enabled.\n    eeh_pe_bus_get_nolock() that skips locking.\n\nCallers that already hold pci_lock_rescan_remove() now use\neeh_pe_bus_get_nolock() to avoid recursive lock acquisition.\n\nAdditionally, pci_lock_rescan_remove() calls are restored to the correct\nposition—after eeh_pe_bus_get() and immediately before iterating affected\nPEs and devices. This ensures EEH-triggered PCI removes occur under proper\nbus rescan locking without recursive lock contention.\n\nThe eeh_pe_loc_get() function has been split into two functions:\n    eeh_pe_loc_get(struct eeh_pe *pe) which retrieves the loc for given PE.\n    eeh_pe_loc_get_bus(struct pci_bus *bus) which retrieves the location\n    code for given bus.\n\nThis resolves lockdep warnings such as:\n<snip>\n[   84.964298] [    T928] ============================================\n[   84.964304] [    T928] WARNING: possible recursive locking detected\n[   84.964311] [    T928] 6.18.0-rc3 #51 Not tainted\n[   84.964315] [    T928] --------------------------------------------\n[   84.964320] [    T928] eehd/928 is trying to acquire lock:\n[   84.964324] [    T928] c000000003b29d58 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_lock_rescan_remove+0x28/0x40\n[   84.964342] [    T928]\n                       but task is already holding lock:\n[   84.964347] [    T928] c000000003b29d58 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_lock_rescan_remove+0x28/0x40\n[   84.964357] [    T928]\n                       other info that might help us debug this:\n[   84.964363] [    T928]  Possible unsafe locking scenario:\n\n[   84.964367] [    T928]        CPU0\n[   84.964370] [    T928]        ----\n[   84.964373] [    T928]   lock(pci_rescan_remove_lock);\n[   84.964378] [    T928]   lock(pci_rescan_remove_lock);\n[   84.964383] [    T928]\n                       *** DEADLOCK ***\n\n[   84.964388] [    T928]  May be due to missing lock nesting notation\n\n[   84.964393] [    T928] 1 lock held by eehd/928:\n[   84.964397] [    T928]  #0: c000000003b29d58 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_lock_rescan_remove+0x28/0x40\n[   84.964408] [    T928]\n                       stack backtrace:\n[   84.964414] [    T928] CPU: 2 UID: 0 PID: 928 Comm: eehd Not tainted 6.18.0-rc3 #51 VOLUNTARY\n[   84.964417] [    T928] Hardware name: IBM,9080-HEX POWER10 (architected) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_022) hv:phyp pSeries\n[   84.964419] [    T928] Call Trace:\n[   84.964420] [    T928] [c0000011a7157990] [c000000001705de4] dump_stack_lvl+0xc8/0x130 (unreliable)\n[   84.964424] [    T928] [c0000011a71579d0] [c0000000002f66e0] print_deadlock_bug+0x430/0x440\n[   84.964428] [    T928] [c0000011a7157a70] [c0000000002fd0c0] __lock_acquire+0x1530/0x2d80\n[   84.964431] [    T928] [c0000011a7157ba0] [c0000000002fea54] lock_acquire+0x144/0x410\n[   84.964433] [    T928] [c0000011a7157cb0] [c0000011a7157cb0] __mutex_lock+0xf4/0x1050\n[   84.964436] [    T928] [c0000011a7157e00] [c000000000de21d8] pci_lock_rescan_remove+0x28/0x40\n[   84.964439] [    T928] [c0000011a7157e20] [c00000000004ed98] eeh_pe_bus_get+0x48/0xc0\n[   84.964442] [    T928] [c0000011a7157e50] [c00000\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/include/asm/eeh.h","arch/powerpc/kernel/eeh_driver.c","arch/powerpc/kernel/eeh_pe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"502f08831a9afb72dc98a56ae6504da43e93b250","lessThan":"89810e2d80281d42f855fac813786758ee16e323","versionType":"git","status":"affected"},{"version":"f56e004b781719d8fdf6c9619b15caf2579bc1f2","lessThan":"788dd28fd49610d6047cbb15dbf1186afffdfbaf","versionType":"git","status":"affected"},{"version":"59c6d3d81d42bf543c90597b4f38c53d6874c5a1","lessThan":"f49faa4a64f8ac0e38983e606075b25dfcfc9ad4","versionType":"git","status":"affected"},{"version":"a426e8a6ae161f51888585b065db0f8f93ab2e16","lessThan":"87a1f93986aa1500b85aeff16b0b71c29ea116ea","versionType":"git","status":"affected"},{"version":"d2c60a8a387e9fcc28447ef36c03f8e49fd052a6","lessThan":"f8b16d5764ee1e78c1ef333017ad383ffe76fcdc","versionType":"git","status":"affected"},{"version":"1010b4c012b0d78dfb9d3132b49aa2ef024a07a7","lessThan":"6e6561231c6cfc32c5631aeecc0928ff2b14265c","versionType":"git","status":"affected"},{"version":"1010b4c012b0d78dfb9d3132b49aa2ef024a07a7","lessThan":"b85ee287bfe52c6b2d9b41758b5e0d08679d5b39","versionType":"git","status":"affected"},{"version":"1010b4c012b0d78dfb9d3132b49aa2ef024a07a7","lessThan":"815a8d2feb5615ae7f0b5befd206af0b0160614c","versionType":"git","status":"affected"},{"version":"d42bbd8f30ac38b1ce54715bf08ec3dac18d6b25","versionType":"git","status":"affected"},{"version":"19d5036e7ad766cf212aebec23b9f1d7924a62bc","versionType":"git","status":"affected"},{"version":"5.10.241","lessThan":"5.10.252","versionType":"semver","status":"affected"},{"version":"5.15.190","lessThan":"5.15.202","versionType":"semver","status":"affected"},{"version":"6.1.148","lessThan":"6.1.165","versionType":"semver","status":"affected"},{"version":"6.6.102","lessThan":"6.6.128","versionType":"semver","status":"affected"},{"version":"6.12.42","lessThan":"6.12.75","versionType":"semver","status":"affected"},{"version":"6.15.10","lessThan":"6.16","versionType":"semver","status":"affected"},{"version":"6.16.1","lessThan":"6.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/include/asm/eeh.h","arch/powerpc/kernel/eeh_driver.c","arch/powerpc/kernel/eeh_pe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.241","versionEndExcluding":"5.10.252","matchCriteriaId":"906502A9-64CF-40AD-94A0-2CAF0EB4ADF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.190","versionEndExcluding":"5.15.202","matchCriteriaId":"F450D145-3C5B-42A9-BA35-3BBEDB8AABE5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.148","versionEndExcluding":"6.1.165","matchCriteriaId":"D3AF3877-6E23-4D20-8AB9-81D86F47874A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.102","versionEndExcluding":"6.6.128","matchCriteriaId":"DFFB1387-C4A0-4711-80C2-005F9AA438AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.42","versionEndExcluding":"6.12.75","matchCriteriaId":"BD7E1726-E2C4-4E5F-980F-79BD2D4E52C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.10","versionEndExcluding":"6.16","matchCriteriaId":"8E12C24E-0833-48D3-9A8D-574823A693F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.1","versionEndExcluding":"6.18.14","matchCriteriaId":"3767EE4D-F3A5-47B1-BBC2-25E6FCBA9F17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6e6561231c6cfc32c5631aeecc0928ff2b14265c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/788dd28fd49610d6047cbb15dbf1186afffdfbaf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/815a8d2feb5615ae7f0b5befd206af0b0160614c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87a1f93986aa1500b85aeff16b0b71c29ea116ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/89810e2d80281d42f855fac813786758ee16e323","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b85ee287bfe52c6b2d9b41758b5e0d08679d5b39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f49faa4a64f8ac0e38983e606075b25dfcfc9ad4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8b16d5764ee1e78c1ef333017ad383ffe76fcdc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45905","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:04.993","lastModified":"2026-06-24T16:28:18.513","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix ip_rt_bug race in icmp_route_lookup reverse path\n\nicmp_route_lookup() performs multiple route lookups to find a suitable\nroute for sending ICMP error messages, with special handling for XFRM\n(IPsec) policies.\n\nThe lookup sequence is:\n1. First, lookup output route for ICMP reply (dst = original src)\n2. Pass through xfrm_lookup() for policy check\n3. If blocked (-EPERM) or dst is not local, enter \"reverse path\"\n4. In reverse path, call xfrm_decode_session_reverse() to get fl4_dec\n   which reverses the original packet's flow (saddr<->daddr swapped)\n5. If fl4_dec.saddr is local (we are the original destination), use\n   __ip_route_output_key() for output route lookup\n6. If fl4_dec.saddr is NOT local (we are a forwarding node), use\n   ip_route_input() to simulate the reverse packet's input path\n7. Finally, pass rt2 through xfrm_lookup() with XFRM_LOOKUP_ICMP flag\n\nThe bug occurs in step 6: ip_route_input() is called with fl4_dec.daddr\n(original packet's source) as destination. If this address becomes local\nbetween the initial check and ip_route_input() call (e.g., due to\nconcurrent \"ip addr add\"), ip_route_input() returns a LOCAL route with\ndst.output set to ip_rt_bug.\n\nThis route is then used for ICMP output, causing dst_output() to call\nip_rt_bug(), triggering a WARN_ON:\n\n ------------[ cut here ]------------\n WARNING: net/ipv4/route.c:1275 at ip_rt_bug+0x21/0x30, CPU#1\n Call Trace:\n  <TASK>\n  ip_push_pending_frames+0x202/0x240\n  icmp_push_reply+0x30d/0x430\n  __icmp_send+0x1149/0x24f0\n  ip_options_compile+0xa2/0xd0\n  ip_rcv_finish_core+0x829/0x1950\n  ip_rcv+0x2d7/0x420\n  __netif_receive_skb_one_core+0x185/0x1f0\n  netif_receive_skb+0x90/0x450\n  tun_get_user+0x3413/0x3fb0\n  tun_chr_write_iter+0xe4/0x220\n  ...\n\nFix this by checking rt2->rt_type after ip_route_input(). If it's\nRTN_LOCAL, the route cannot be used for output, so treat it as an error.\n\nThe reproducer requires kernel modification to widen the race window,\nmaking it unsuitable as a selftest. It is available at:\n\n  https://gist.github.com/mrpre/eae853b72ac6a750f5d45d64ddac1e81"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv4/icmp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8b7817f3a959ed99d7443afc12f78a7e1fcc2063","lessThan":"9a95ec9144eeff1fc6fbcc21b677e322c6f1430b","versionType":"git","status":"affected"},{"version":"8b7817f3a959ed99d7443afc12f78a7e1fcc2063","lessThan":"2c1f59005da9dd4b07b26984fd719e36557dc57c","versionType":"git","status":"affected"},{"version":"8b7817f3a959ed99d7443afc12f78a7e1fcc2063","lessThan":"b04061f89ffc6168e7ec3c71d0086ec3c3797228","versionType":"git","status":"affected"},{"version":"8b7817f3a959ed99d7443afc12f78a7e1fcc2063","lessThan":"1c9ef28f643cce34a6a6c36c8f4d6d60a60db7e1","versionType":"git","status":"affected"},{"version":"8b7817f3a959ed99d7443afc12f78a7e1fcc2063","lessThan":"423ce12d10b426709489d6b84fdaa6d2f31c5652","versionType":"git","status":"affected"},{"version":"8b7817f3a959ed99d7443afc12f78a7e1fcc2063","lessThan":"81b84de32bb27ae1ae2eb9acf0420e9d0d14bf00","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv4/icmp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.25","status":"affected"},{"version":"0","lessThan":"2.6.25","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.1.165","matchCriteriaId":"61A94D48-D137-4E5A-BF27-2CDF9E30723C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1c9ef28f643cce34a6a6c36c8f4d6d60a60db7e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c1f59005da9dd4b07b26984fd719e36557dc57c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/423ce12d10b426709489d6b84fdaa6d2f31c5652","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81b84de32bb27ae1ae2eb9acf0420e9d0d14bf00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a95ec9144eeff1fc6fbcc21b677e322c6f1430b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b04061f89ffc6168e7ec3c71d0086ec3c3797228","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45906","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:05.127","lastModified":"2026-06-24T16:28:06.540","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: pf1550: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/pf1550-charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4b6b6433a97d5863b5340fc87f866d784fdf0783","lessThan":"1bdefeed904f1f17e1f73a4d8a035515f3a9fad8","versionType":"git","status":"affected"},{"version":"4b6b6433a97d5863b5340fc87f866d784fdf0783","lessThan":"838767f5074700552d3f006d867caed65edc7328","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/pf1550-charger.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1bdefeed904f1f17e1f73a4d8a035515f3a9fad8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/838767f5074700552d3f006d867caed65edc7328","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45907","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:05.233","lastModified":"2026-06-24T16:27:56.443","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix deadlocks between devlink and netdev instance locks\n\nIn the mentioned \"Fixes\" commit, various work tasks triggering devlink\nhealth reporter recovery were switched to use netdev_trylock to protect\nagainst concurrent tear down of the channels being recovered. But this\nhad the side effect of introducing potential deadlocks because of\nincorrect lock ordering.\n\nThe correct lock order is described by the init flow:\nprobe_one -> mlx5_init_one (acquires devlink lock)\n-> mlx5_init_one_devl_locked -> mlx5_register_device\n-> mlx5_rescan_drivers_locked -...-> mlx5e_probe -> _mlx5e_probe\n-> register_netdev (acquires rtnl lock)\n-> register_netdevice (acquires netdev lock)\n=> devlink lock -> rtnl lock -> netdev lock.\n\nBut in the current recovery flow, the order is wrong:\nmlx5e_tx_err_cqe_work (acquires netdev lock)\n-> mlx5e_reporter_tx_err_cqe -> mlx5e_health_report\n-> devlink_health_report (acquires devlink lock => boom!)\n-> devlink_health_reporter_recover\n-> mlx5e_tx_reporter_recover -> mlx5e_tx_reporter_recover_from_ctx\n-> mlx5e_tx_reporter_err_cqe_recover\n\nThe same pattern exists in:\nmlx5e_reporter_rx_timeout\nmlx5e_reporter_tx_ptpsq_unhealthy\nmlx5e_reporter_tx_timeout\n\nFix these by moving the netdev_trylock calls from the work handlers\nlower in the call stack, in the respective recovery functions, where\nthey are actually necessary."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c","drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c","drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c","drivers/net/ethernet/mellanox/mlx5/core/en_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8f7b00307bf14676b7e7f0210110a36aa0ff3e93","lessThan":"4329514c61abefe4961541b128c549b017bab5ad","versionType":"git","status":"affected"},{"version":"8f7b00307bf14676b7e7f0210110a36aa0ff3e93","lessThan":"63f9d5fb4d8040077df801ca3270e2f02d55e0d9","versionType":"git","status":"affected"},{"version":"8f7b00307bf14676b7e7f0210110a36aa0ff3e93","lessThan":"83ac0304a2d77519dae1e54c9713cbe1aedf19c9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c","drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c","drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c","drivers/net/ethernet/mellanox/mlx5/core/en_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.14","matchCriteriaId":"974ECCCC-3CBB-4A66-9A34-82621077D7F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4329514c61abefe4961541b128c549b017bab5ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/63f9d5fb4d8040077df801ca3270e2f02d55e0d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83ac0304a2d77519dae1e54c9713cbe1aedf19c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45908","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:05.350","lastModified":"2026-06-24T16:27:52.507","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix memory leak in amdxdna_ubuf_map\n\nThe amdxdna_ubuf_map() function allocates memory for sg and\ninternal sg table structures, but it fails to free them if subsequent\noperations (sg_alloc_table_from_pages or dma_map_sgtable) fail."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/accel/amdxdna/amdxdna_ubuf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"bd72d4acda1069579b35123e3cc0b21ec1193a21","lessThan":"5a68d2c99c859e6e8e36fa4e32749abf6d1fb66a","versionType":"git","status":"affected"},{"version":"bd72d4acda1069579b35123e3cc0b21ec1193a21","lessThan":"f9f4366d2ff93b07c2571561c776bd9a708078c3","versionType":"git","status":"affected"},{"version":"bd72d4acda1069579b35123e3cc0b21ec1193a21","lessThan":"84dd57fb0359500092f1101409ca32091731490d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/accel/amdxdna/amdxdna_ubuf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.14","matchCriteriaId":"3E0E101B-8972-4E77-80E0-D97AC3CA57C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5a68d2c99c859e6e8e36fa4e32749abf6d1fb66a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84dd57fb0359500092f1101409ca32091731490d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f9f4366d2ff93b07c2571561c776bd9a708078c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45909","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:05.453","lastModified":"2026-06-24T14:55:29.343","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: Drop __initconst from gates\n\nSince commit 8ceff24a754a (\"clk: mediatek: clk-gate: Refactor\nmtk_clk_register_gate to use mtk_gate struct\") the mtk_gate structs\nare no longer just used for initialization/registration, but also at\nruntime. So drop __initconst annotations."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/clk/mediatek/clk-mt7981-eth.c","drivers/clk/mediatek/clk-mt8516.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8ceff24a754ac065123ae0ec9f31ec03aff55f8a","lessThan":"1debd9ba7eb18af8fb63dc93517c6bbcab0e31ee","versionType":"git","status":"affected"},{"version":"8ceff24a754ac065123ae0ec9f31ec03aff55f8a","lessThan":"866d8ecc4e789f7d73d6cafd1b122d1b6032b3b1","versionType":"git","status":"affected"},{"version":"8ceff24a754ac065123ae0ec9f31ec03aff55f8a","lessThan":"871afb43e41ad4e8246438de495a939cd0f8113c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/clk/mediatek/clk-mt7981-eth.c","drivers/clk/mediatek/clk-mt8516.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.14","matchCriteriaId":"3E0E101B-8972-4E77-80E0-D97AC3CA57C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1debd9ba7eb18af8fb63dc93517c6bbcab0e31ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/866d8ecc4e789f7d73d6cafd1b122d1b6032b3b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/871afb43e41ad4e8246438de495a939cd0f8113c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45910","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:05.563","lastModified":"2026-06-24T14:55:26.013","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race condition in QP timer handlers\n\nI encontered the following warning:\n WARNING: drivers/infiniband/sw/rxe/rxe_task.c:249 at rxe_sched_task+0x1c8/0x238 [rdma_rxe], CPU#0: swapper/0/0\n...\n  libsha1 [last unloaded: ip6_udp_tunnel]\n CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G         C          6.19.0-rc5-64k-v8+ #37 PREEMPT\n Tainted: [C]=CRAP\n Hardware name: Raspberry Pi 4 Model B Rev 1.2\n Call trace:\n  rxe_sched_task+0x1c8/0x238 [rdma_rxe] (P)\n  retransmit_timer+0x130/0x188 [rdma_rxe]\n  call_timer_fn+0x68/0x4d0\n  __run_timers+0x630/0x888\n...\n WARNING: drivers/infiniband/sw/rxe/rxe_task.c:38 at rxe_sched_task+0x1c0/0x238 [rdma_rxe], CPU#0: swapper/0/0\n...\n WARNING: drivers/infiniband/sw/rxe/rxe_task.c:111 at do_work+0x488/0x5c8 [rdma_rxe], CPU#3: kworker/u17:4/93400\n...\n refcount_t: underflow; use-after-free.\n WARNING: lib/refcount.c:28 at refcount_warn_saturate+0x138/0x1a0, CPU#3: kworker/u17:4/93400\n\nThe issue is caused by a race condition between retransmit_timer() and\nrxe_destroy_qp, leading to the Queue Pair's (QP) reference count dropping\nto zero during timer handler execution.\n\nIt seems this warning is harmless because rxe_qp_do_cleanup() will flush\nall pending timers and requests.\n\nExample of flow causing the issue:\n\nCPU0                                   CPU1\nretransmit_timer() {\n    spin_lock_irqsave\n                           rxe_destroy_qp()\n                            __rxe_cleanup()\n                              __rxe_put() // qp->ref_count decrease to 0\n                            rxe_qp_do_cleanup() {\n    if (qp->valid) {\n        rxe_sched_task() {\n            WARN_ON(rxe_read(task->qp) <= 0);\n        }\n    }\n    spin_unlock_irqrestore\n}\n                              spin_lock_irqsave\n                              qp->valid = 0\n                              spin_unlock_irqrestore\n                            }\n\nEnsure the QP's reference count is maintained and its validity is checked\nwithin the timer callbacks by adding calls to rxe_get(qp) and corresponding\nrxe_put(qp) after use."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/sw/rxe/rxe_comp.c","drivers/infiniband/sw/rxe/rxe_req.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d94671632572813e90bcf475bb4c7d51fbf20173","lessThan":"756c93d6df7c3bc599f6590b8e5afead6a41de1c","versionType":"git","status":"affected"},{"version":"d94671632572813e90bcf475bb4c7d51fbf20173","lessThan":"3c2ae79fb19dfd67341c14f1e78a5f1744eacfe2","versionType":"git","status":"affected"},{"version":"d94671632572813e90bcf475bb4c7d51fbf20173","lessThan":"5ae9da022ee3c97e6469eabcddce9271501ddbad","versionType":"git","status":"affected"},{"version":"d94671632572813e90bcf475bb4c7d51fbf20173","lessThan":"da379ca16af3722f159860d91a99cb6976a7500f","versionType":"git","status":"affected"},{"version":"d94671632572813e90bcf475bb4c7d51fbf20173","lessThan":"87bf646921430e303176edc4eb07c30160361b73","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/sw/rxe/rxe_comp.c","drivers/infiniband/sw/rxe/rxe_req.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.128","matchCriteriaId":"66EC33C3-F0C6-4223-A7F1-33C8808B682A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c2ae79fb19dfd67341c14f1e78a5f1744eacfe2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5ae9da022ee3c97e6469eabcddce9271501ddbad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/756c93d6df7c3bc599f6590b8e5afead6a41de1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87bf646921430e303176edc4eb07c30160361b73","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/da379ca16af3722f159860d91a99cb6976a7500f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45911","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:05.687","lastModified":"2026-06-24T14:55:22.987","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix role switching during resume\n\nIf the role change while we are suspended, the cdns3 driver switches to the\nnew mode during resume. However, switching to host mode in this context\ncauses a NULL pointer dereference.\n\nThe host role's start() operation registers a xhci-hcd device, but its\nprobe is deferred while we are in the resume path. The host role's resume()\noperation assumes the xhci-hcd device is already probed, which is not the\ncase, leading to the dereference. Since the start() operation of the new\nrole is already called, the resume operation can be skipped.\n\nSo skip the resume operation for the new role if a role switch occurs\nduring resume. Once the resume sequence is complete, the xhci-hcd device\ncan be probed in case of host mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000208\nMem abort info:\n...\nData abort info:\n...\n[0000000000000208] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1]  SMP\nModules linked in:\nCPU: 0 UID: 0 PID: 146 Comm: sh Not tainted\n6.19.0-rc7-00013-g6e64f4aabfae-dirty #135 PREEMPT\nHardware name: Texas Instruments J7200 EVM (DT)\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usb_hcd_is_primary_hcd+0x0/0x1c\nlr : cdns_host_resume+0x24/0x5c\n...\nCall trace:\n usb_hcd_is_primary_hcd+0x0/0x1c (P)\n cdns_resume+0x6c/0xbc\n cdns3_controller_resume.isra.0+0xe8/0x17c\n cdns3_plat_resume+0x18/0x24\n platform_pm_resume+0x2c/0x68\n dpm_run_callback+0x90/0x248\n device_resume+0x100/0x24c\n dpm_resume+0x190/0x2ec\n dpm_resume_end+0x18/0x34\n suspend_devices_and_enter+0x2b0/0xa44\n pm_suspend+0x16c/0x5fc\n state_store+0x80/0xec\n kobj_attr_store+0x18/0x2c\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x130/0x1dc\n vfs_write+0x240/0x370\n ksys_write+0x70/0x108\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0x108\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\nCode: 52800003 f9407ca5 d63f00a0 17ffffe4 (f9410401)\n---[ end trace 0000000000000000 ]---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/usb/cdns3/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2cf2581cd2290ccef674f1be5f7977d66702eedb","lessThan":"ff02bd303d2d78051771db51119d66c0cf442f47","versionType":"git","status":"affected"},{"version":"2cf2581cd2290ccef674f1be5f7977d66702eedb","lessThan":"94c742614899ff18a6b3e6f3cfbe7b9f36c865f3","versionType":"git","status":"affected"},{"version":"2cf2581cd2290ccef674f1be5f7977d66702eedb","lessThan":"d637f6ec149ffd2f8257bcc261561dc2e44dbb8c","versionType":"git","status":"affected"},{"version":"2cf2581cd2290ccef674f1be5f7977d66702eedb","lessThan":"56289298431ed76700b9aac27a3b1d929fe61b8d","versionType":"git","status":"affected"},{"version":"2cf2581cd2290ccef674f1be5f7977d66702eedb","lessThan":"fc086c0ce3db0eefbbeb66a5b1e626296336e33a","versionType":"git","status":"affected"},{"version":"2cf2581cd2290ccef674f1be5f7977d66702eedb","lessThan":"49c99dc247ebf7361db9dbdade3dcebfffaf2c22","versionType":"git","status":"affected"},{"version":"2cf2581cd2290ccef674f1be5f7977d66702eedb","lessThan":"87e4b043b98a1d269be0b812f383881abee0ca45","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/usb/cdns3/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.77","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.15.203","matchCriteriaId":"985804EB-66D2-4D4A-AF5D-D7A87E940EEE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/49c99dc247ebf7361db9dbdade3dcebfffaf2c22","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/56289298431ed76700b9aac27a3b1d929fe61b8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87e4b043b98a1d269be0b812f383881abee0ca45","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94c742614899ff18a6b3e6f3cfbe7b9f36c865f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d637f6ec149ffd2f8257bcc261561dc2e44dbb8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc086c0ce3db0eefbbeb66a5b1e626296336e33a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff02bd303d2d78051771db51119d66c0cf442f47","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45912","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:05.867","lastModified":"2026-06-24T14:55:11.860","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't cache extent during splitting extent\n\nCaching extents during the splitting process is risky, as it may result\nin stale extents remaining in the status tree. Moreover, in most cases,\nthe corresponding extent block entries are likely already cached before\nthe split happens, making caching here not particularly useful.\n\nAssume we have an unwritten extent, and then DIO writes the first half.\n\n  [UUUUUUUUUUUUUUUU] on-disk extent        U: unwritten extent\n  [UUUUUUUUUUUUUUUU] extent status tree\n  |<-   ->| ----> dio write this range\n\nFirst, when ext4_split_extent_at() splits this extent, it truncates the\nexisting extent and then inserts a new one. During this process, this\nextent status entry may be shrunk, and calls to ext4_find_extent() and\next4_cache_extents() may occur, which could potentially insert the\ntruncated range as a hole into the extent status tree. After the split\nis completed, this hole is not replaced with the correct status.\n\n  [UUUUUUU|UUUUUUUU] on-disk extent        U: unwritten extent\n  [UUUUUUU|HHHHHHHH] extent status tree    H: hole\n\nThen, the outer calling functions will not correct this remaining hole\nextent either. Finally, if we perform a delayed buffer write on this\nlatter part, it will re-insert the delayed extent and cause an error in\nspace accounting.\n\nIn adition, if the unwritten extent cache is not shrunk during the\nsplitting, ext4_cache_extents() also conflicts with existing extents\nwhen caching extents. In the future, we will add checks when caching\nextents, which will trigger a warning. Therefore, Do not cache extents\nthat are being split."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"8302b5b4aacdbb378f7b1216bb2ee782b5142415","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"692103feca376ae4298c92aa8828015d20f1d87b","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"4c2d9dac4d328244f9365b0a1fa27ec802821820","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"93b2ebbbcb2e63cfc21a1946dfe91d3aa7952036","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"96007fd3c106aea773c1afae2d6f64cceb6da208","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"5b1f4290453314e11cd8e15c7baa8a9b76c19b23","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"9a2b95cdaf07785e2739199037bd9c0863ccc1be","versionType":"git","status":"affected"},{"version":"107a7bd31ac003e42c0f966aa8e5b26947de6024","lessThan":"8b4b19a2f96348d70bfa306ef7d4a13b0bcbea79","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.12","status":"affected"},{"version":"0","lessThan":"3.12","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.10.252","matchCriteriaId":"360F987A-1B41-4351-A04D-22A93596C979"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4c2d9dac4d328244f9365b0a1fa27ec802821820","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5b1f4290453314e11cd8e15c7baa8a9b76c19b23","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/692103feca376ae4298c92aa8828015d20f1d87b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8302b5b4aacdbb378f7b1216bb2ee782b5142415","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b4b19a2f96348d70bfa306ef7d4a13b0bcbea79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/93b2ebbbcb2e63cfc21a1946dfe91d3aa7952036","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/96007fd3c106aea773c1afae2d6f64cceb6da208","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a2b95cdaf07785e2739199037bd9c0863ccc1be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45913","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.020","lastModified":"2026-06-24T14:55:07.463","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mcast: always update mdb_n_entries for vlan contexts\n\nsyzbot triggered a warning[1] about the number of mdb entries in a context.\nIt turned out that there are multiple ways to trigger that warning today\n(some got added during the years), the root cause of the problem is that\nthe increase is done conditionally, and over the years these different\nconditions increased so there were new ways to trigger the warning, that is\nto do a decrease which wasn't paired with a previous increase.\n\nFor example one way to trigger it is with flush:\n $ ip l add br0 up type bridge vlan_filtering 1 mcast_snooping 1\n $ ip l add dumdum up master br0 type dummy\n $ bridge mdb add dev br0 port dumdum grp 239.0.0.1 permanent vid 1\n $ ip link set dev br0 down\n $ ip link set dev br0 type bridge mcast_vlan_snooping 1\n   ^^^^ this will enable snooping, but will not update mdb_n_entries\n        because in __br_multicast_enable_port_ctx() we check !netif_running\n $ bridge mdb flush dev br0\n   ^^^ this will trigger the warning because it will delete the pg which\n       we added above, which will try to decrease mdb_n_entries\n\nFix the problem by removing the conditional increase and always keep the\ncount up-to-date while the vlan exists. In order to do that we have to\nfirst initialize it on port-vlan context creation, and then always increase\nor decrease the value regardless of mcast options. To keep the current\nbehaviour we have to enforce the mdb limit only if the context is port's or\nif the port-vlan's mcast snooping is enabled.\n\n[1]\n ------------[ cut here ]------------\n n == 0\n WARNING: net/bridge/br_multicast.c:718 at br_multicast_port_ngroups_dec_one net/bridge/br_multicast.c:718 [inline], CPU#0: syz.4.4607/22043\n WARNING: net/bridge/br_multicast.c:718 at br_multicast_port_ngroups_dec net/bridge/br_multicast.c:771 [inline], CPU#0: syz.4.4607/22043\n WARNING: net/bridge/br_multicast.c:718 at br_multicast_del_pg+0x1bbe/0x1e20 net/bridge/br_multicast.c:825, CPU#0: syz.4.4607/22043\n Modules linked in:\n CPU: 0 UID: 0 PID: 22043 Comm: syz.4.4607 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026\n RIP: 0010:br_multicast_port_ngroups_dec_one net/bridge/br_multicast.c:718 [inline]\n RIP: 0010:br_multicast_port_ngroups_dec net/bridge/br_multicast.c:771 [inline]\n RIP: 0010:br_multicast_del_pg+0x1bbe/0x1e20 net/bridge/br_multicast.c:825\n Code: 41 5f 5d e9 04 7a 48 f7 e8 3f 73 5c f7 90 0f 0b 90 e9 cf fd ff ff e8 31 73 5c f7 90 0f 0b 90 e9 16 fd ff ff e8 23 73 5c f7 90 <0f> 0b 90 e9 60 fd ff ff e8 15 73 5c f7 eb 05 e8 0e 73 5c f7 48 8b\n RSP: 0018:ffffc9000c207220 EFLAGS: 00010293\n RAX: ffffffff8a68042d RBX: ffff88807c6f1800 RCX: ffff888066e90000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: ffff888066e90000 R09: 000000000000000c\n R10: 000000000000000c R11: 0000000000000000 R12: ffff8880303ef800\n R13: dffffc0000000000 R14: ffff888050eb11c4 R15: 1ffff1100a1d6238\n FS:  00007fa45921b6c0(0000) GS:ffff8881256f5000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa4591f9ff8 CR3: 0000000081df2000 CR4: 00000000003526f0\n Call Trace:\n  <TASK>\n  br_mdb_flush_pgs net/bridge/br_mdb.c:1525 [inline]\n  br_mdb_flush net/bridge/br_mdb.c:1544 [inline]\n  br_mdb_del_bulk+0x5e2/0xb20 net/bridge/br_mdb.c:1561\n  rtnl_mdb_del+0x48a/0x640 net/core/rtnetlink.c:-1\n  rtnetlink_rcv_msg+0x77e/0xbe0 net/core/rtnetlink.c:6967\n  netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550\n  netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]\n  netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344\n  netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894\n  sock_sendmsg_nosec net/socket.c:727 [inline]\n  __sock_sendmsg net/socket.c:742 [inline]\n  ____sys_sendmsg+0xa68/0xad0 net/socket.c:2592\n  ___sys_sendmsg+0x2a5/0x360 net/socke\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bridge/br_multicast.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b57e8d870d522d905720052e6fd9c3bc9bc5f6fb","lessThan":"d0fdad1bdd21a358cc2c85da3681ae27b86ce6ce","versionType":"git","status":"affected"},{"version":"b57e8d870d522d905720052e6fd9c3bc9bc5f6fb","lessThan":"724a405ce0309676f1e993c173382b4c4a022beb","versionType":"git","status":"affected"},{"version":"b57e8d870d522d905720052e6fd9c3bc9bc5f6fb","lessThan":"fae260fc84e1eae8f590c7907e53e8768df2d986","versionType":"git","status":"affected"},{"version":"b57e8d870d522d905720052e6fd9c3bc9bc5f6fb","lessThan":"45525fdfd4cb612d7b414dd5cfa1f43892a7cd71","versionType":"git","status":"affected"},{"version":"b57e8d870d522d905720052e6fd9c3bc9bc5f6fb","lessThan":"8b769e311a86bb9d15c5658ad283b86fc8f080a2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bridge/br_multicast.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.128","matchCriteriaId":"1415D355-1FDC-4D84-94FF-EA237337BACD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/45525fdfd4cb612d7b414dd5cfa1f43892a7cd71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/724a405ce0309676f1e993c173382b4c4a022beb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b769e311a86bb9d15c5658ad283b86fc8f080a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d0fdad1bdd21a358cc2c85da3681ae27b86ce6ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fae260fc84e1eae8f590c7907e53e8768df2d986","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45914","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.180","lastModified":"2026-06-24T14:55:01.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"hwmon: (ibmpex) fix use-after-free in high/low store\"\n\nThis reverts commit 6946c726c3f4c36f0f049e6f97e88c510b15f65d.\n\nJean Delvare points out that the patch does not completely\nfix the reported problem, that it in fact introduces a\n(new) race condition, and that it may actually not be needed in\nthe first place.\n\nVarious AI reviews agree. Specific and relevant AI feedback:\n\n\"\nThis reordering sets the driver data to NULL before removing the sensor\nattributes in the loop below.\n\nibmpex_show_sensor() retrieves this driver data via dev_get_drvdata() but\ndoes not check if it is NULL before dereferencing it to access\ndata->sensors[].\n\nIf a userspace process reads a sensor file (like temp1_input) while this\ndelete function is running, could it race with the dev_set_drvdata(...,\nNULL) call here and crash in ibmpex_show_sensor()?\n\nWould it be safer to keep the original order where device_remove_file() is\ncalled before clearing the driver data? device_remove_file() should wait\nfor any active sysfs callbacks to complete, which might already prevent the\nuse-after-free this patch intends to fix.\n\"\n\nRevert the offending patch. If it can be shown that the originally reported\nalleged race condition does indeed exist, it can always be re-introduced\nwith a complete fix."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/hwmon/ibmpex.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3ce9b7ae9d4d148672b35147aaf7987a4f82bb94","lessThan":"05112ba67c824ab416cd54307c0b50aba9f0047a","versionType":"git","status":"affected"},{"version":"533ead425f8109b02fecc7e72d612b8898ec347a","lessThan":"efd68429f23fb4015b0ebc2392334059e06fad18","versionType":"git","status":"affected"},{"version":"fa37adcf1d564ef58b9dfb01b6c36d35c5294bad","lessThan":"f448acd86835a650f9ea83460b9ca347d3aafba5","versionType":"git","status":"affected"},{"version":"68d62e5bebbd118b763e8bb210d5cf2198ef450c","lessThan":"914b47c9b824d3d74f31c764163edf93302100b1","versionType":"git","status":"affected"},{"version":"5aa2139201667c1f644601e4529c4acd6bf8db5a","lessThan":"14a38784e09aebc21207dc32fffa05247fc3dd64","versionType":"git","status":"affected"},{"version":"6946c726c3f4c36f0f049e6f97e88c510b15f65d","lessThan":"894d9c7aab68fd0c70c78b1d03c8fa589fb0f67d","versionType":"git","status":"affected"},{"version":"6946c726c3f4c36f0f049e6f97e88c510b15f65d","lessThan":"8bde3e395a85017f12af2b0ba5c3684f5af9c006","versionType":"git","status":"affected"},{"version":"5.10.248","lessThan":"5.10.252","versionType":"semver","status":"affected"},{"version":"6.1.160","lessThan":"6.1.165","versionType":"semver","status":"affected"},{"version":"6.6.120","lessThan":"6.6.128","versionType":"semver","status":"affected"},{"version":"6.12.64","lessThan":"6.12.75","versionType":"semver","status":"affected"},{"version":"6.18.3","lessThan":"6.18.14","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/hwmon/ibmpex.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.248","versionEndExcluding":"5.10.252","matchCriteriaId":"0FF383F2-E238-49E9-870A-004DCE6EC4EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.160","versionEndExcluding":"6.1.165","matchCriteriaId":"29CE5815-AC25-4B86-8093-9B7C33747C6A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.120","versionEndExcluding":"6.6.128","matchCriteriaId":"F93EE437-1C07-464F-9047-8987F00BA711"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.64","versionEndExcluding":"6.12.75","matchCriteriaId":"E27D5D92-2E0F-4CED-BEFE-15984B8B010D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.3","versionEndExcluding":"6.18.14","matchCriteriaId":"1F86B087-7282-4A5E-92B3-E7448F7492B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.1","versionEndExcluding":"6.19.4","matchCriteriaId":"411B9362-5B74-4569-8450-50CAD50DE99C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*","matchCriteriaId":"35C8A871-4971-433E-A046-FC9F7B7D190A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05112ba67c824ab416cd54307c0b50aba9f0047a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/14a38784e09aebc21207dc32fffa05247fc3dd64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/894d9c7aab68fd0c70c78b1d03c8fa589fb0f67d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8bde3e395a85017f12af2b0ba5c3684f5af9c006","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/914b47c9b824d3d74f31c764163edf93302100b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/efd68429f23fb4015b0ebc2392334059e06fad18","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f448acd86835a650f9ea83460b9ca347d3aafba5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45915","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.320","lastModified":"2026-06-24T17:23:37.130","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfat: avoid parent link count underflow in rmdir\n\nCorrupted FAT images can leave a directory inode with an incorrect\ni_nlink (e.g. 2 even though subdirectories exist). rmdir then\nunconditionally calls drop_nlink(dir) and can drive i_nlink to 0,\ntriggering the WARN_ON in drop_nlink().\n\nAdd a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the\nparent link count when it is at least 3, otherwise report a filesystem\nerror."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/fat/namei_msdos.c","fs/fat/namei_vfat.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"7fe0de287e931e07cb96ecf1f449b2ebdb0e1115","versionType":"git","status":"affected"},{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"9894c79fd9466612d0514be157b5c30cd93aa645","versionType":"git","status":"affected"},{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"cd569b87378b9c33ae13c23d6bb9d205d66f7c4b","versionType":"git","status":"affected"},{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"d3b7ffa90f613938128432c7b2f35b7aa4bdd86b","versionType":"git","status":"affected"},{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"955c5d670b5ae07c78f4345e23a895638db96ce1","versionType":"git","status":"affected"},{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"17866f8a0822d414cb02e621cf003a7d04396ef8","versionType":"git","status":"affected"},{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"d0bb592fa9def2bace90ac8926c0a1d6fa8c1aa0","versionType":"git","status":"affected"},{"version":"9a53c3a783c2fa9b969628e65695c11c3e51e673","lessThan":"8cafcb881364af5ef3a8b9fed4db254054033d8a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/fat/namei_msdos.c","fs/fat/namei_vfat.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.19","status":"affected"},{"version":"0","lessThan":"2.6.19","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"5.10.252","matchCriteriaId":"128F081F-CEB9-49AD-8832-F177C6299DED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17866f8a0822d414cb02e621cf003a7d04396ef8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7fe0de287e931e07cb96ecf1f449b2ebdb0e1115","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8cafcb881364af5ef3a8b9fed4db254054033d8a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/955c5d670b5ae07c78f4345e23a895638db96ce1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9894c79fd9466612d0514be157b5c30cd93aa645","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd569b87378b9c33ae13c23d6bb9d205d66f7c4b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d0bb592fa9def2bace90ac8926c0a1d6fa8c1aa0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3b7ffa90f613938128432c7b2f35b7aa4bdd86b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45916","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.463","lastModified":"2026-06-24T17:23:32.440","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: sbs-battery: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle. Keep the old behavior of\njust printing a warning in case of any failures during the IRQ request\nand finishing the probe successfully."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/sbs-battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"ca7dd71773e4e050b0fb98768b7eae60f8d1f38b","versionType":"git","status":"affected"},{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"f1f472b14ad56104ba228b8fbec60d5b21829913","versionType":"git","status":"affected"},{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"8010b745b436c3e1ca5dd960aa29fa3e0f6d8841","versionType":"git","status":"affected"},{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"2078830c32d1e49ac942c6f8c21f35c806ae5e94","versionType":"git","status":"affected"},{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"82d3eb97a976c9d56bb92b241397610e57a9c629","versionType":"git","status":"affected"},{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"861dda7a9074c0ff67788928165ae39d7f647491","versionType":"git","status":"affected"},{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"14d4dee5d8fb361bfff275832087254beab66d72","versionType":"git","status":"affected"},{"version":"d2cec82c28802da31596b395ad292cb8f132fd63","lessThan":"8d59cf3887fbabacef53bfba473e33e8a8d9d07b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/sbs-battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.10.252","matchCriteriaId":"76AC1846-5EF5-4C28-9E88-EED4D74FB8F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/14d4dee5d8fb361bfff275832087254beab66d72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2078830c32d1e49ac942c6f8c21f35c806ae5e94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8010b745b436c3e1ca5dd960aa29fa3e0f6d8841","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82d3eb97a976c9d56bb92b241397610e57a9c629","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/861dda7a9074c0ff67788928165ae39d7f647491","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d59cf3887fbabacef53bfba473e33e8a8d9d07b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca7dd71773e4e050b0fb98768b7eae60f8d1f38b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1f472b14ad56104ba228b8fbec60d5b21829913","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45917","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.587","lastModified":"2026-06-24T17:23:08.620","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: do not keep dest_dst if dev is going down\n\nThere is race between the netdev notifier ip_vs_dst_event()\nand the code that caches dst with dev that is going down.\nAs the FIB can be notified for the closed device after our\nhandler finishes, it is possible valid route to be returned\nand cached resuling in a leaked dev reference until the dest\nis not removed.\n\nTo prevent new dest_dst to be attached to dest just after the\nhandler dropped the old one, add a netif_running() check\nto make sure the notifier handler is not currently running\nfor device that is closing."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/ipvs/ip_vs_xmit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7a4f0761fce32ff4918a7c23b08db564ad33092d","lessThan":"64af43033503458c46023e56d6ae7bb0f824b55f","versionType":"git","status":"affected"},{"version":"7a4f0761fce32ff4918a7c23b08db564ad33092d","lessThan":"bae53b3baf2ff2f45f9205c438818fc055601a54","versionType":"git","status":"affected"},{"version":"7a4f0761fce32ff4918a7c23b08db564ad33092d","lessThan":"024eb0bd19f507e6e7f0c7a7e5506d66b5dc1d3e","versionType":"git","status":"affected"},{"version":"7a4f0761fce32ff4918a7c23b08db564ad33092d","lessThan":"8fde939b0206afc1d5846217a01a16b9bc8c7896","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/ipvs/ip_vs_xmit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.39","status":"affected"},{"version":"0","lessThan":"2.6.39","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39.1","versionEndExcluding":"6.12.75","matchCriteriaId":"D93533BF-AF3F-4AE4-84CB-511FD5BAD75D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.39:-:*:*:*:*:*:*","matchCriteriaId":"6691E95C-E563-4730-BC6E-5B1F208DF350"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/024eb0bd19f507e6e7f0c7a7e5506d66b5dc1d3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/64af43033503458c46023e56d6ae7bb0f824b55f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8fde939b0206afc1d5846217a01a16b9bc8c7896","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bae53b3baf2ff2f45f9205c438818fc055601a54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45918","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.690","lastModified":"2026-06-24T17:22:46.393","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\novpn: tcp - don't deref NULL sk_socket member after tcp_close()\n\nWhen deleting a peer in case of keepalive expiration, the peer is\nremoved from the OpenVPN hashtable and is temporary inserted in a\n\"release list\" for further processing.\n\nThis happens in:\novpn_peer_keepalive_work()\n  unlock_ovpn(release_list)\n\nThis processing includes detaching from the socket being used to\ntalk to this peer, by restoring its original proto and socket\nops/callbacks.\n\nIn case of TCP it may happen that, while the peer is sitting in\nthe release list, userspace decides to close the socket.\nThis will result in a concurrent execution of:\n\ntcp_close(sk)\n  __tcp_close(sk)\n    sock_orphan(sk)\n      sk_set_socket(sk, NULL)\n\nThe last function call will set sk->sk_socket to NULL.\n\nWhen the releasing routine is resumed, ovpn_tcp_socket_detach()\nwill attempt to dereference sk->sk_socket to restore its original\nops member. This operation will crash due to sk->sk_socket being NULL.\n\nFix this race condition by testing-and-accessing\nsk->sk_socket atomically under sk->sk_callback_lock."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ovpn/tcp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"11851cbd60ea1e5abbd97619d69845ead99303d6","lessThan":"f998b2c4bec487063a586695159f9a1856e81c56","versionType":"git","status":"affected"},{"version":"11851cbd60ea1e5abbd97619d69845ead99303d6","lessThan":"b9142cf4e066c825ec68752a7dcaceda700bbe26","versionType":"git","status":"affected"},{"version":"11851cbd60ea1e5abbd97619d69845ead99303d6","lessThan":"94560267d6c41b1ff3fafbab726e3f8a55a6af34","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ovpn/tcp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.14","matchCriteriaId":"974ECCCC-3CBB-4A66-9A34-82621077D7F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/94560267d6c41b1ff3fafbab726e3f8a55a6af34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9142cf4e066c825ec68752a7dcaceda700bbe26","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f998b2c4bec487063a586695159f9a1856e81c56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45919","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.790","lastModified":"2026-06-24T17:22:38.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Skip currently executing CPU in rto_next_cpu()\n\nCPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound\nRT task, and a CFS task stuck in kernel space. When other CPUs switch from\nRT to non-RT tasks, RT load balancing (LB) is triggered; with\nHAVE_RT_PUSH_IPI enabled, they send IPIs to CPU0 to drive the execution\nof rto_push_irq_work_func. During push_rt_task on CPU0,\nif next_task->prio < rq->donor->prio, resched_curr() sets NEED_RESCHED\nand after the push operation completes, CPU0 calls rto_next_cpu().\nSince only CPU0 is overloaded in this scenario, rto_next_cpu() should\nideally return -1 (no further IPI needed).\n\nHowever, multiple CPUs invoking tell_cpu_to_push() during LB increments\nrd->rto_loop_next. Even when rd->rto_cpu is set to -1, the mismatch between\nrd->rto_loop and rd->rto_loop_next forces rto_next_cpu() to restart its\nsearch from -1. With CPU0 remaining overloaded (satisfying rt_nr_migratory\n&& rt_nr_total > 1), it gets reselected, causing CPU0 to queue irq_work to\nitself and send self-IPIs repeatedly. As long as CPU0 stays overloaded and\nother CPUs run pull_rt_tasks(), it falls into an infinite self-IPI loop,\nwhich triggers a CPU hardlockup due to continuous self-interrupts.\n\nThe trigging scenario is as follows:\n\n         cpu0                      cpu1                    cpu2\n                                pull_rt_task\n                              tell_cpu_to_push\n                 <------------irq_work_queue_on\nrto_push_irq_work_func\n       push_rt_task\n    resched_curr(rq)                                   pull_rt_task\n    rto_next_cpu                                     tell_cpu_to_push\n                      <-------------------------- atomic_inc(rto_loop_next)\nrd->rto_loop != next\n     rto_next_cpu\n   irq_work_queue_on\nrto_push_irq_work_func\n\nFix redundant self-IPI by filtering the initiating CPU in rto_next_cpu().\nThis solution has been verified to effectively eliminate spurious self-IPIs\nand prevent CPU hardlockup scenarios."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/sched/rt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"d57d0746276a88ea43a2cc62b849fd8a95e32e41","versionType":"git","status":"affected"},{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"3b3c672a66db3de3b40f8a7057864bc1f874ede3","versionType":"git","status":"affected"},{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"16ca9f3117e9a294646c897daf08a5ab546c711b","versionType":"git","status":"affected"},{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"8ad5577b2d4acfd83f03d97a0aece2d18aac5f07","versionType":"git","status":"affected"},{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"a6a73403733e86748421f2eeaf028c85683ef896","versionType":"git","status":"affected"},{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"52aeb1e07ec223caf212f036817976c98d2aa250","versionType":"git","status":"affected"},{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"9f25edc5a20cb52a5abbf25f0724bb4732b81801","versionType":"git","status":"affected"},{"version":"4bdced5c9a2922521e325896a7bbbf0132c94e56","lessThan":"94894c9c477e53bcea052e075c53f89df3d2a33e","versionType":"git","status":"affected"},{"version":"cb1831a83e54cd3269a2420fce81c4fd8ae6f667","versionType":"git","status":"affected"},{"version":"1c37ff78298a6b6063649123356a312e1cce12ca","versionType":"git","status":"affected"},{"version":"f17c786b28a3060a566a170c2cf3bd7441fc30a3","versionType":"git","status":"affected"},{"version":"4.4.103","lessThan":"4.5","versionType":"semver","status":"affected"},{"version":"4.9.66","lessThan":"4.10","versionType":"semver","status":"affected"},{"version":"4.14.3","lessThan":"4.15","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/sched/rt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.103","versionEndExcluding":"4.5","matchCriteriaId":"650D32F8-EA77-4DD0-853E-00A5D3748221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.66","versionEndExcluding":"4.10","matchCriteriaId":"FF2C4C8C-49AC-4AAC-B560-0B3654CD08C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.3","versionEndExcluding":"5.10.252","matchCriteriaId":"5A4DEEA0-84F0-4879-AA92-93C5595569E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/16ca9f3117e9a294646c897daf08a5ab546c711b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3b3c672a66db3de3b40f8a7057864bc1f874ede3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52aeb1e07ec223caf212f036817976c98d2aa250","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8ad5577b2d4acfd83f03d97a0aece2d18aac5f07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94894c9c477e53bcea052e075c53f89df3d2a33e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9f25edc5a20cb52a5abbf25f0724bb4732b81801","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6a73403733e86748421f2eeaf028c85683ef896","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d57d0746276a88ea43a2cc62b849fd8a95e32e41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45920","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:06.930","lastModified":"2026-06-24T17:22:20.657","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix dirtyclusters double decrement on fs shutdown\n\nfstests test generic/388 occasionally reproduces a warning in\next4_put_super() associated with the dirty clusters count:\n\n  WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324 ext4_put_super+0x48c/0x590 [ext4]\n\nTracing the failure shows that the warning fires due to an\ns_dirtyclusters_counter value of -1. IOW, this appears to be a\nspurious decrement as opposed to some sort of leak. Further tracing\nof the dirty cluster count deltas and an LLM scan of the resulting\noutput identified the cause as a double decrement in the error path\nbetween ext4_mb_mark_diskspace_used() and the caller\next4_mb_new_blocks().\n\nFirst, note that generic/388 is a shutdown vs. fsstress test and so\nproduces a random set of operations and shutdown injections. In the\nproblematic case, the shutdown triggers an error return from the\next4_handle_dirty_metadata() call(s) made from\next4_mb_mark_context(). The changed value is non-zero at this point,\nso ext4_mb_mark_diskspace_used() does not exit after the error\nbubbles up from ext4_mb_mark_context(). Instead, the former\ndecrements both cluster counters and returns the error up to\next4_mb_new_blocks(). The latter falls into the !ar->len out path\nwhich decrements the dirty clusters counter a second time, creating\nthe inconsistency.\n\nTo avoid this problem and simplify ownership of the cluster\nreservation in this codepath, lift the counter reduction to a single\nplace in the caller. This makes it more clear that\next4_mb_new_blocks() is responsible for acquiring cluster\nreservation (via ext4_claim_free_clusters()) in the !delalloc case\nas well as releasing it, regardless of whether it ends up consumed\nor returned due to failure."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/mballoc-test.c","fs/ext4/mballoc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"523d5a4df3c649fa305c89efb552ec62a1ce9d3d","versionType":"git","status":"affected"},{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"ca408af08544d96769c93a3d81a7f63f61129e95","versionType":"git","status":"affected"},{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"55576fa14771d33994c29a9ae960e07bb3f56c20","versionType":"git","status":"affected"},{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"dbc4e10619ed87a50e637b96f2e574df36a7a769","versionType":"git","status":"affected"},{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"61e372122b6d95aec940fdaea0a16f988f359897","versionType":"git","status":"affected"},{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"3924aea2c33df3864929c1acd178bfc29d8f005f","versionType":"git","status":"affected"},{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"81982a11406c5da6c6e2b188028e7056e16b7128","versionType":"git","status":"affected"},{"version":"0087d9fb3f29f59e8d42c8b058376d80e5adde4c","lessThan":"94a8cea54cd935c54fa2fba70354757c0fc245e3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ext4/mballoc-test.c","fs/ext4/mballoc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.29","status":"affected"},{"version":"0","lessThan":"2.6.29","versionType":"semver","status":"unaffected"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.29","versionEndExcluding":"5.10.253","matchCriteriaId":"0C1B1C38-DBED-4FC4-AE7D-B0A2622E224F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3924aea2c33df3864929c1acd178bfc29d8f005f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/523d5a4df3c649fa305c89efb552ec62a1ce9d3d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/55576fa14771d33994c29a9ae960e07bb3f56c20","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/61e372122b6d95aec940fdaea0a16f988f359897","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81982a11406c5da6c6e2b188028e7056e16b7128","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94a8cea54cd935c54fa2fba70354757c0fc245e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca408af08544d96769c93a3d81a7f63f61129e95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbc4e10619ed87a50e637b96f2e574df36a7a769","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45921","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:07.070","lastModified":"2026-06-24T17:22:07.937","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()\n\nThe function mtd_parser_tplink_safeloader_parse() allocates buf via\nmtd_parser_tplink_safeloader_read_table(). If the allocation for\nparts[idx].name fails inside the loop, the code jumps to the err_free\nlabel without freeing buf, leading to a memory leak.\n\nFix this by freeing the temporary buffer buf in the err_free label.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/mtd/parsers/tplink_safeloader.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"00a3588084bee6f37bb2b1d343f96900cfe049bc","lessThan":"0f5e62ea5c43146eacdc6861cb1022ffae1b79bc","versionType":"git","status":"affected"},{"version":"00a3588084bee6f37bb2b1d343f96900cfe049bc","lessThan":"e97f5fac8ce9a6b9ec724c97d86b0985e915fdca","versionType":"git","status":"affected"},{"version":"00a3588084bee6f37bb2b1d343f96900cfe049bc","lessThan":"ec121ad626c319085f6d40a52cd04e99b4554926","versionType":"git","status":"affected"},{"version":"00a3588084bee6f37bb2b1d343f96900cfe049bc","lessThan":"971e9c53aed82f17a9c6a65daa4e21cc15eba5b1","versionType":"git","status":"affected"},{"version":"00a3588084bee6f37bb2b1d343f96900cfe049bc","lessThan":"980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/mtd/parsers/tplink_safeloader.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f5e62ea5c43146eacdc6861cb1022ffae1b79bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/971e9c53aed82f17a9c6a65daa4e21cc15eba5b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e97f5fac8ce9a6b9ec724c97d86b0985e915fdca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec121ad626c319085f6d40a52cd04e99b4554926","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45922","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:07.180","lastModified":"2026-06-24T17:21:55.420","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler\n\nThe UVERBS_HANDLER(MLX5_IB_METHOD_GET_DATA_DIRECT_SYSFS_PATH) function\nallocates memory for the device path using kobject_get_path(). If the\nlength of the device path exceeds the output buffer length, the function\nreturns -ENOSPC but does not free the allocated memory, resulting in a\nmemory leak.\n\nAdd a kfree() call to the error path to ensure the allocated memory is\nproperly freed.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/mlx5/std_types.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ec7ad6530909983c8736c80af46e3529ce7bab55","lessThan":"ee998cdbff6680891b0efd9d6ce53a388e5342c3","versionType":"git","status":"affected"},{"version":"ec7ad6530909983c8736c80af46e3529ce7bab55","lessThan":"b2bc649c18fbe8a7fd38d17266da3dcbfbcc44d2","versionType":"git","status":"affected"},{"version":"ec7ad6530909983c8736c80af46e3529ce7bab55","lessThan":"b3a10eca24fcfe913c0875e620f19596001bd6dc","versionType":"git","status":"affected"},{"version":"ec7ad6530909983c8736c80af46e3529ce7bab55","lessThan":"9b9d253908478f504297ac283c514e5953ddafa6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/mlx5/std_types.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.75","matchCriteriaId":"91F4DDF8-DCB5-433F-9A96-EB7DD49CF8DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9b9d253908478f504297ac283c514e5953ddafa6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2bc649c18fbe8a7fd38d17266da3dcbfbcc44d2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b3a10eca24fcfe913c0875e620f19596001bd6dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee998cdbff6680891b0efd9d6ce53a388e5342c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45923","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:07.283","lastModified":"2026-06-24T17:21:45.860","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: catc: enable basic endpoint checking\n\ncatc_probe() fills three URBs with hardcoded endpoint pipes without\nverifying the endpoint descriptors:\n\n  - usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX\n  - usb_rcvintpipe(usbdev, 2) for interrupt status\n\nA malformed USB device can present these endpoints with transfer types\nthat differ from what the driver assumes.\n\nAdd a catc_usb_ep enum for endpoint numbers, replacing magic constants\nthroughout. Add usb_check_bulk_endpoints() and usb_check_int_endpoints()\ncalls after usb_set_interface() to verify endpoint types before use,\nrejecting devices with mismatched descriptors at probe time.\n\nSimilar to\n- commit 90b7f2961798 (\"net: usb: rtl8150: enable basic endpoint checking\")\nwhich fixed the issue in rtl8150."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/usb/catc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"eade522d3e6ac3f3bfb51bfa5b5b4b32bd0b846f","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ac7739b78ded519e1d9919a814da3b34120bec8c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"163d04897e57633c5d2e69734e4e4b22bb63f50d","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"a488001a8197da4f9c413eec8f6acbff71c60145","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"36c28b028efba0f42218d41fed12c47ce217c1f1","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"1a42cfced8900d33d032c7ec338484855b61b8cc","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"9e7021d2aeae57c323a6f722ed7915686cdcc123","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/usb/catc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.252","matchCriteriaId":"68B6D2AD-7565-4394-B77B-A1EEBCDF590F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.165","matchCriteriaId":"7063817E-8CBA-4CC7-8DE3-6AF12C926C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/163d04897e57633c5d2e69734e4e4b22bb63f50d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1a42cfced8900d33d032c7ec338484855b61b8cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36c28b028efba0f42218d41fed12c47ce217c1f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e7021d2aeae57c323a6f722ed7915686cdcc123","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a488001a8197da4f9c413eec8f6acbff71c60145","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ac7739b78ded519e1d9919a814da3b34120bec8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eade522d3e6ac3f3bfb51bfa5b5b4b32bd0b846f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45924","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:07.413","lastModified":"2026-06-24T17:21:38.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths\n\nThere are two places where ksmbd_vfs_kern_path_end_removing() needs to be\ncalled in order to balance what the corresponding successful call to\nksmbd_vfs_kern_path_start_removing() has done, i.e. drop inode locks and\nput the taken references.  Otherwise there might be potential deadlocks\nand unbalanced locks which are caught like:\n\nBUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596\n     last function: handle_ksmbd_work\n2 locks held by kworker/5:21/7596:\n #0: ffff8881051ae448 (sb_writers#3){.+.+}-{0:0}, at: ksmbd_vfs_kern_path_locked+0x142/0x660\n #1: ffff888130e966c0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: ksmbd_vfs_kern_path_locked+0x17d/0x660\nCPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\nWorkqueue: ksmbd-io handle_ksmbd_work\nCall Trace:\n <TASK>\n dump_stack_lvl+0x44/0x5b\n process_one_work.cold+0x57/0x5c\n worker_thread+0x82/0x600\n kthread+0x153/0x190\n ret_from_fork+0x22/0x30\n </TASK>\n\nFound by Linux Verification Center (linuxtesting.org)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/smb2pdu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9d5012ffe14120f978ee34aef4df3d6cb026b7c4","lessThan":"8e3a3192ef78d8302916408d62813b1fddfc8972","versionType":"git","status":"affected"},{"version":"ac98d54630d5b52e3f684d872f0d82c06c418ea9","lessThan":"f221baa80e5959a0c08a7e34abbf2a4d3cf0e1c2","versionType":"git","status":"affected"},{"version":"1e858a7a51c7b8b009d8f246de7ceb7743b44a71","lessThan":"cf29329a13df79c198b45dfc92577638d30b56fa","versionType":"git","status":"affected"},{"version":"814cfdb6358d9b84fcbec9918c8f938cc096a43a","lessThan":"34d6691933682f0516259a31b39d2cebcedec0a5","versionType":"git","status":"affected"},{"version":"d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694","lessThan":"0c578e8065c4b08d5635a4cbc0f6321df9d20f79","versionType":"git","status":"affected"},{"version":"d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694","lessThan":"4c38600feb81c670edb82e49d201d3d2d00cd4c3","versionType":"git","status":"affected"},{"version":"d5fc1400a34b4ea5e8f2ce296ea12bf8c8421694","lessThan":"a09dc10d1353f0e92c21eae2a79af1c2b1ddcde8","versionType":"git","status":"affected"},{"version":"a7dddd62578c2eb6cb28b8835556a121b5157323","versionType":"git","status":"affected"},{"version":"a726fef6d7d4cfc365d3434e3916dbfe78991a33","versionType":"git","status":"affected"},{"version":"5.15.190","lessThan":"5.15.203","versionType":"semver","status":"affected"},{"version":"6.1.149","lessThan":"6.1.167","versionType":"semver","status":"affected"},{"version":"6.6.103","lessThan":"6.6.130","versionType":"semver","status":"affected"},{"version":"6.12.43","lessThan":"6.12.78","versionType":"semver","status":"affected"},{"version":"6.15.11","lessThan":"6.16","versionType":"semver","status":"affected"},{"version":"6.16.2","lessThan":"6.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/smb2pdu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.17","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.190","versionEndExcluding":"5.15.203","matchCriteriaId":"D3B19451-1EDC-4045-8D4B-1BEDB199849C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.149","versionEndExcluding":"6.1.167","matchCriteriaId":"CE0D98FF-30E0-4698-AD29-45EAD3D395C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.103","versionEndExcluding":"6.6.130","matchCriteriaId":"DCCF8093-2361-475C-98D3-BF8E8B6F464A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.43","versionEndExcluding":"6.12.78","matchCriteriaId":"59231884-6EBA-432B-AF94-C5AC97FA45F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.11","versionEndExcluding":"6.16","matchCriteriaId":"53FE35DC-2528-48D7-A855-1127CA02EE4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.2","versionEndExcluding":"6.18.17","matchCriteriaId":"264BE5B8-4BAC-4C71-B436-7ADA34610EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c578e8065c4b08d5635a4cbc0f6321df9d20f79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/34d6691933682f0516259a31b39d2cebcedec0a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c38600feb81c670edb82e49d201d3d2d00cd4c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8e3a3192ef78d8302916408d62813b1fddfc8972","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a09dc10d1353f0e92c21eae2a79af1c2b1ddcde8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf29329a13df79c198b45dfc92577638d30b56fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f221baa80e5959a0c08a7e34abbf2a4d3cf0e1c2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45925","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:08.343","lastModified":"2026-06-25T12:40:42.490","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/of: Fix reference leak in thermal_of_cm_lookup()\n\nIn thermal_of_cm_lookup(), tr_np is obtained via of_parse_phandle(), but\nnever released.\n\nUse the __free(device_node) cleanup attribute to automatically release\nthe node and fix the leak.\n\n[ rjw: Changelog edits ]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/thermal/thermal_of.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e11df3bffde16fd3b6843aadfb921b5be0f8b55a","lessThan":"8af710156c53cdb392d529497ef2b3a10a1f9370","versionType":"git","status":"affected"},{"version":"423de5b5bc5b267586b449abd1c4fde562aa0cf9","lessThan":"8344d5da9df74fdbef676214d0c482fc822a01ca","versionType":"git","status":"affected"},{"version":"423de5b5bc5b267586b449abd1c4fde562aa0cf9","lessThan":"025796ccd7f9f2e013e12319de26b6c021a80c1f","versionType":"git","status":"affected"},{"version":"423de5b5bc5b267586b449abd1c4fde562aa0cf9","lessThan":"a1fe789a96fe47733c133134fd264cb7ca832395","versionType":"git","status":"affected"},{"version":"a1e9e19a70eed67a69ca697368739ea1a3ba5780","versionType":"git","status":"affected"},{"version":"6.12.18","lessThan":"6.12.75","versionType":"semver","status":"affected"},{"version":"6.13.6","lessThan":"6.14","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/thermal/thermal_of.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.18","versionEndExcluding":"6.12.75","matchCriteriaId":"A9C92E7E-2813-4624-8B07-4848341D120C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.6","versionEndExcluding":"6.14","matchCriteriaId":"E9FE6DC2-7E8C-4FB9-9E21-FFC47618B8F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.1","versionEndExcluding":"6.18.14","matchCriteriaId":"192204F5-6610-4CE8-B064-F81F4893498C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*","matchCriteriaId":"7DE421BA-0600-4401-A175-73CAB6A6FB4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*","matchCriteriaId":"45B90F6B-BEC7-4D4E-883A-9DBADE021750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*","matchCriteriaId":"1759FFB7-531C-41B1-9AE1-FD3D80E0D920"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*","matchCriteriaId":"AD948719-8628-4421-A340-1066314BBD4A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/025796ccd7f9f2e013e12319de26b6c021a80c1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8344d5da9df74fdbef676214d0c482fc822a01ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8af710156c53cdb392d529497ef2b3a10a1f9370","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a1fe789a96fe47733c133134fd264cb7ca832395","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45926","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:08.473","lastModified":"2026-06-25T12:41:36.450","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrust: pwm: Fix potential memory leak on init error\n\nWhen initializing a PWM chip using pwmchip_alloc(), the allocated device\nowns an initial reference that must be released on all error paths.\n\nIf __pinned_init() were to fail, the allocated pwm_chip would currently\nleak because the error path returns without calling pwmchip_put()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["rust/kernel/pwm.rs"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7b3dce814a15bc5d9fb6124cd945291012c4ebb9","lessThan":"baa8b7097d9cc68ff85819cf683972a58c2ce32b","versionType":"git","status":"affected"},{"version":"7b3dce814a15bc5d9fb6124cd945291012c4ebb9","lessThan":"a2633dc243c35754a0c2270131d8a199c987c9bf","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["rust/kernel/pwm.rs"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a2633dc243c35754a0c2270131d8a199c987c9bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/baa8b7097d9cc68ff85819cf683972a58c2ce32b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45927","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:08.583","lastModified":"2026-06-25T12:42:18.767","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Require frozen map for calculating map hash\n\nCurrently, bpf_map_get_info_by_fd calculates and caches the hash of the\nmap regardless of the map's frozen state.\n\nThis leads to a TOCTOU bug where userspace can call\nBPF_OBJ_GET_INFO_BY_FD to cache the hash and then modify the map\ncontents before freezing.\n\nTherefore, a trusted loader can be tricked into verifying the stale hash\nwhile loading the modified contents.\n\nFix this by returning -EPERM if the map is not frozen when the hash is\nrequested. This ensures the hash is only generated for the final,\nimmutable state of the map."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/syscall.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ea2e6467ac36bf3d785defc89e58269b15d182f7","lessThan":"7752d36343862323bbeea4ce3adf0ec2ed86e122","versionType":"git","status":"affected"},{"version":"ea2e6467ac36bf3d785defc89e58269b15d182f7","lessThan":"f415e114b58fe02c41191e47f24bdabb438daf72","versionType":"git","status":"affected"},{"version":"ea2e6467ac36bf3d785defc89e58269b15d182f7","lessThan":"a2c86aa621c22f2a7e26c654f936d65cfff0aa91","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/syscall.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.14","matchCriteriaId":"3E0E101B-8972-4E77-80E0-D97AC3CA57C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7752d36343862323bbeea4ce3adf0ec2ed86e122","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2c86aa621c22f2a7e26c654f936d65cfff0aa91","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f415e114b58fe02c41191e47f24bdabb438daf72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45928","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:08.707","lastModified":"2026-06-25T12:42:58.937","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix memory leak on codec_info allocation failure\n\nIn wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is\nallocated via kzalloc(). If the subsequent allocation for inst->codec_info\nfails, the functions return -ENOMEM without freeing the previously\nallocated instance, causing a memory leak.\n\nFix this by calling kfree() on the instance in this error path to ensure\nit is properly released."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/platform/chips-media/wave5/wave5-vpu-dec.c","drivers/media/platform/chips-media/wave5/wave5-vpu-enc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9707a6254a8a6b978bde811a44fe07d86c229d1c","lessThan":"52defdd4034db1a34bb48006f889d66a3629224b","versionType":"git","status":"affected"},{"version":"9707a6254a8a6b978bde811a44fe07d86c229d1c","lessThan":"1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495","versionType":"git","status":"affected"},{"version":"9707a6254a8a6b978bde811a44fe07d86c229d1c","lessThan":"32e9e45cf7e3422d21fa64535588d3572faf71c3","versionType":"git","status":"affected"},{"version":"9707a6254a8a6b978bde811a44fe07d86c229d1c","lessThan":"a519e21e32398459ba357e67b541402f7295ee1b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/platform/chips-media/wave5/wave5-vpu-dec.c","drivers/media/platform/chips-media/wave5/wave5-vpu-enc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.75","matchCriteriaId":"4A94C3E7-EF78-4AF2-8160-DDF77E97D5EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/32e9e45cf7e3422d21fa64535588d3572faf71c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52defdd4034db1a34bb48006f889d66a3629224b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a519e21e32398459ba357e67b541402f7295ee1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45929","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:08.833","lastModified":"2026-06-25T12:43:33.257","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\novpn: fix possible use-after-free in ovpn_net_xmit\n\nWhen building the skb_list in ovpn_net_xmit, skb_share_check will free\nthe original skb if it is shared. The current implementation continues\nto use the stale skb pointer for subsequent operations:\n- peer lookup,\n- skb_dst_drop (even though all segments produced by skb_gso_segment\n  will have a dst attached),\n- ovpn_peer_stats_increment_tx.\n\nFix this by moving the peer lookup and skb_dst_drop before segmentation\nso that the original skb is still valid when used. Return early if all\nsegments fail skb_share_check and the list ends up empty.\nAlso switch ovpn_peer_stats_increment_tx to use skb_list.next; the next\npatch fixes the stats logic."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ovpn/io.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"08857b5ec5d91d83e69e40a36554a8c7557b7301","lessThan":"3e4fbcb4e078915367ba5576cd70d76dbc970f95","versionType":"git","status":"affected"},{"version":"08857b5ec5d91d83e69e40a36554a8c7557b7301","lessThan":"442915c96a9bff1c7080e2aedabb1c03faa28d81","versionType":"git","status":"affected"},{"version":"08857b5ec5d91d83e69e40a36554a8c7557b7301","lessThan":"a5ec7baa44ea3a1d6aa0ca31c0ad82edf9affe41","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ovpn/io.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.14","matchCriteriaId":"974ECCCC-3CBB-4A66-9A34-82621077D7F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3e4fbcb4e078915367ba5576cd70d76dbc970f95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/442915c96a9bff1c7080e2aedabb1c03faa28d81","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5ec7baa44ea3a1d6aa0ca31c0ad82edf9affe41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45930","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:08.947","lastModified":"2026-06-25T12:46:02.230","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: ensure our nlmsg responses are initialised\n\nSyed Faraz Abrar (@farazsth98) from Zellic, and Pumpkin (@u1f383) from\nDEVCORE Research Team working with Trend Micro Zero Day Initiative\nreport that a RTM_GETNEIGH will return uninitalised data in the pad\nbytes of the ndmsg data.\n\nEnsure we're initialising the netlink data to zero, in the link, addr\nand neigh response messages."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/mctp/device.c","net/mctp/neigh.c","net/mctp/route.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"b37da3ac099e145bcd3be82c745a8d335772e3af","versionType":"git","status":"affected"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"c4f840437e7641764de15f2de951ac8335d641f1","versionType":"git","status":"affected"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"963537a26fd892f7e414a091f807b44aeee97a7d","versionType":"git","status":"affected"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"976612471a9e6ead6ceffc241e4d0a1aac90b36a","versionType":"git","status":"affected"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"54ed418de62a148a655262da682a050fa05f7924","versionType":"git","status":"affected"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"6fb6a97c86abb8592158088afaea0eb464cf9de1","versionType":"git","status":"affected"},{"version":"583be982d93479ea3d85091b0fd0b01201ede87d","lessThan":"a6a9bc544b675d8b5180f2718ec985ad267b5cbf","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/mctp/device.c","net/mctp/neigh.c","net/mctp/route.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.210","matchCriteriaId":"E428FDA8-EA6D-4CEA-9119-E203A1A8C891"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.93","matchCriteriaId":"1E73413E-0629-41AA-A4D3-5A3D10A0BD63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.35","matchCriteriaId":"0FCCB23A-7629-4386-93B6-B119237C4382"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/54ed418de62a148a655262da682a050fa05f7924","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6fb6a97c86abb8592158088afaea0eb464cf9de1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/963537a26fd892f7e414a091f807b44aeee97a7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/976612471a9e6ead6ceffc241e4d0a1aac90b36a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6a9bc544b675d8b5180f2718ec985ad267b5cbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b37da3ac099e145bcd3be82c745a8d335772e3af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c4f840437e7641764de15f2de951ac8335d641f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45931","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.053","lastModified":"2026-06-25T12:46:49.770","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Hold mm structure across iommu_sva_unbind_device()\n\nSome tests trigger a crash in iommu_sva_unbind_device() due to\naccessing iommu_mm after the associated mm structure has been\nfreed.\n\nFix this by taking an explicit reference to the mm structure\nafter successfully binding the device, and releasing it only\nafter the device is unbound. This ensures the mm remains valid\nfor the entire SVA bind/unbind lifetime."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/accel/amdxdna/amdxdna_pci_drv.c","drivers/accel/amdxdna/amdxdna_pci_drv.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"be462c97b7dfd24999babe39cce3de224ebe1f80","lessThan":"f6b4c1d98a7b8040d4d02e89425b3942016a2c2c","versionType":"git","status":"affected"},{"version":"be462c97b7dfd24999babe39cce3de224ebe1f80","lessThan":"f31ccf6278132a35a652fe5eeac3941e1e912398","versionType":"git","status":"affected"},{"version":"be462c97b7dfd24999babe39cce3de224ebe1f80","lessThan":"a9162439ad792afcddc04718408ec1380b7a5f63","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/accel/amdxdna/amdxdna_pci_drv.c","drivers/accel/amdxdna/amdxdna_pci_drv.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.14","matchCriteriaId":"C969BF0A-760D-435A-9705-6ED20216C1BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a9162439ad792afcddc04718408ec1380b7a5f63","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f31ccf6278132a35a652fe5eeac3941e1e912398","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f6b4c1d98a7b8040d4d02e89425b3942016a2c2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45932","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.173","lastModified":"2026-06-24T17:11:18.043","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix tcx/netkit detach permissions when prog fd isn't given\n\nThis commit fixes a security issue where BPF_PROG_DETACH on tcx or\nnetkit devices could be executed by any user when no program fd was\nprovided, bypassing permission checks. The fix adds a capability\ncheck for CAP_NET_ADMIN or CAP_SYS_ADMIN in this case."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/linux/bpf.h","include/linux/bpf_mprog.h","kernel/bpf/syscall.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e420bed025071a623d2720a92bc2245c84757ecb","lessThan":"4e0772cded109c238411f2fac36ac39302758b81","versionType":"git","status":"affected"},{"version":"e420bed025071a623d2720a92bc2245c84757ecb","lessThan":"3f04cc1e5374da4c5e791ae010a06cfea7bacbe6","versionType":"git","status":"affected"},{"version":"e420bed025071a623d2720a92bc2245c84757ecb","lessThan":"ae23bc81ddf7c17b663c4ed1b21e35527b0a7131","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/linux/bpf.h","include/linux/bpf_mprog.h","kernel/bpf/syscall.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.18.14","matchCriteriaId":"EC96AA9F-8E4E-40DB-8D86-A624555C2421"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3f04cc1e5374da4c5e791ae010a06cfea7bacbe6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e0772cded109c238411f2fac36ac39302758b81","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae23bc81ddf7c17b663c4ed1b21e35527b0a7131","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45933","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.297","lastModified":"2026-06-24T17:11:11.247","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Preserve id of register in sync_linked_regs()\n\nsync_linked_regs() copies the id of known_reg to reg when propagating\nbounds of known_reg to reg using the off of known_reg, but when\nknown_reg was linked to reg like:\n\nknown_reg = reg         ; both known_reg and reg get same id\nknown_reg += 4          ; known_reg gets off = 4, and its id gets BPF_ADD_CONST\n\nnow when a call to sync_linked_regs() happens, let's say with the following:\n\nif known_reg >= 10 goto pc+2\n\nknown_reg's new bounds are propagated to reg but now reg gets\nBPF_ADD_CONST from the copy.\n\nThis means if another link to reg is created like:\n\nanother_reg = reg       ; another_reg should get the id of reg but\n                          assign_scalar_id_before_mov() sees\n                          BPF_ADD_CONST on reg and assigns a new id to it.\n\nAs reg has a new id now, known_reg's link to reg is broken. If we find\nnew bounds for known_reg, they will not be propagated to reg.\n\nThis can be seen in the selftest added in the next commit:\n\n0: (85) call bpf_get_prandom_u32#7    ; R0=scalar()\n1: (57) r0 &= 255                     ; R0=scalar(smin=smin32=0,smax=umax=smax32=umax32=255,var_off=(0x0; 0xff))\n2: (bf) r1 = r0                       ; R0=scalar(id=1,smin=smin32=0,smax=umax=smax32=umax32=255,var_off=(0x0; 0xff)) R1=scalar(id=1,smin=smin32=0,smax=umax=smax32=umax32=255,var_off=(0x0; 0xff))\n3: (07) r1 += 4                       ; R1=scalar(id=1+4,smin=umin=smin32=umin32=4,smax=umax=smax32=umax32=259,var_off=(0x0; 0x1ff))\n4: (a5) if r1 < 0xa goto pc+4         ; R1=scalar(id=1+4,smin=umin=smin32=umin32=10,smax=umax=smax32=umax32=259,var_off=(0x0; 0x1ff))\n5: (bf) r2 = r0                       ; R0=scalar(id=2,smin=umin=smin32=umin32=6,smax=umax=smax32=umax32=255) R2=scalar(id=2,smin=umin=smin32=umin32=6,smax=umax=smax32=umax32=255)\n6: (a5) if r1 < 0xe goto pc+2         ; R1=scalar(id=1+4,smin=umin=smin32=umin32=14,smax=umax=smax32=umax32=259,var_off=(0x0; 0x1ff))\n7: (35) if r0 >= 0xa goto pc+1        ; R0=scalar(id=2,smin=umin=smin32=umin32=6,smax=umax=smax32=umax32=9,var_off=(0x0; 0xf))\n8: (37) r0 /= 0\ndiv by zero\n\nWhen 4 is verified, r1's bounds are propagated to r0 but r0 also gets\nBPF_ADD_CONST (bug).\nWhen 5 is verified, r0 gets a new id (2) and its link with r1 is broken.\n\nAfter 6 we know r1 has bounds [14, 259] and therefore r0 should have\nbounds [10, 255], therefore the branch at 7 is always taken. But because\nr0's id was changed to 2, r1's new bounds are not propagated to r0.\nThe verifier still thinks r0 has bounds [6, 255] before 7 and execution\ncan reach div by zero.\n\nFix this by preserving id in sync_linked_regs() like off and subreg_def."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/verifier.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"98d7ca374ba4b39e7535613d40e159f09ca14da2","lessThan":"58059335e46537de682db84984f7716c813208c4","versionType":"git","status":"affected"},{"version":"98d7ca374ba4b39e7535613d40e159f09ca14da2","lessThan":"92a8cb1806adefb263cf096eab6705705cf7eee1","versionType":"git","status":"affected"},{"version":"98d7ca374ba4b39e7535613d40e159f09ca14da2","lessThan":"65d114b5270b62aefb820ecd6c3b7caeea8f895d","versionType":"git","status":"affected"},{"version":"98d7ca374ba4b39e7535613d40e159f09ca14da2","lessThan":"af9e89d8dd39530c8bd14c33ddf6b502df1071b6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/verifier.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.75","matchCriteriaId":"A05DCA5C-0E7E-47B5-899A-41DDF296199E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/58059335e46537de682db84984f7716c813208c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/65d114b5270b62aefb820ecd6c3b7caeea8f895d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/92a8cb1806adefb263cf096eab6705705cf7eee1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af9e89d8dd39530c8bd14c33ddf6b502df1071b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45934","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.480","lastModified":"2026-06-24T17:11:04.903","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation\n\nI have been observing a number of systems aborting at\ninsert_dev_extents() in btrfs_create_pending_block_groups(). The\nfollowing is a sample stack trace of such an abort coming from forced\nchunk allocation (typically behind CONFIG_BTRFS_EXPERIMENTAL) but this\ncan theoretically happen to any DUP chunk allocation.\n\n  [81.801] ------------[ cut here ]------------\n  [81.801] BTRFS: Transaction aborted (error -17)\n  [81.801] WARNING: fs/btrfs/block-group.c:2876 at btrfs_create_pending_block_groups+0x721/0x770 [btrfs], CPU#1: bash/319\n  [81.802] Modules linked in: virtio_net btrfs xor zstd_compress raid6_pq null_blk\n  [81.803] CPU: 1 UID: 0 PID: 319 Comm: bash Kdump: loaded Not tainted 6.19.0-rc6+ #319 NONE\n  [81.803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.17.0-2-2 04/01/2014\n  [81.804] RIP: 0010:btrfs_create_pending_block_groups+0x723/0x770 [btrfs]\n  [81.806] RSP: 0018:ffffa36241a6bce8 EFLAGS: 00010282\n  [81.806] RAX: 000000000000000d RBX: ffff8e699921e400 RCX: 0000000000000000\n  [81.807] RDX: 0000000002040001 RSI: 00000000ffffffef RDI: ffffffffc0608bf0\n  [81.807] RBP: 00000000ffffffef R08: ffff8e69830f6000 R09: 0000000000000007\n  [81.808] R10: ffff8e699921e5e8 R11: 0000000000000000 R12: ffff8e6999228000\n  [81.808] R13: ffff8e6984d82000 R14: ffff8e69966a69c0 R15: ffff8e69aa47b000\n  [81.809] FS:  00007fec6bdd9740(0000) GS:ffff8e6b1b379000(0000) knlGS:0000000000000000\n  [81.809] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [81.810] CR2: 00005604833670f0 CR3: 0000000116679000 CR4: 00000000000006f0\n  [81.810] Call Trace:\n  [81.810]  <TASK>\n  [81.810]  __btrfs_end_transaction+0x3e/0x2b0 [btrfs]\n  [81.811]  btrfs_force_chunk_alloc_store+0xcd/0x140 [btrfs]\n  [81.811]  kernfs_fop_write_iter+0x15f/0x240\n  [81.812]  vfs_write+0x264/0x500\n  [81.812]  ksys_write+0x6c/0xe0\n  [81.812]  do_syscall_64+0x66/0x770\n  [81.812]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  [81.813] RIP: 0033:0x7fec6be66197\n  [81.814] RSP: 002b:00007fffb159dd30 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n  [81.815] RAX: ffffffffffffffda RBX: 00007fec6bdd9740 RCX: 00007fec6be66197\n  [81.815] RDX: 0000000000000002 RSI: 0000560483374f80 RDI: 0000000000000001\n  [81.816] RBP: 0000560483374f80 R08: 0000000000000000 R09: 0000000000000000\n  [81.816] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002\n  [81.817] R13: 00007fec6bfb85c0 R14: 00007fec6bfb5ee0 R15: 00005604833729c0\n  [81.817]  </TASK>\n  [81.817] irq event stamp: 20039\n  [81.818] hardirqs last  enabled at (20047): [<ffffffff99a68302>] __up_console_sem+0x52/0x60\n  [81.818] hardirqs last disabled at (20056): [<ffffffff99a682e7>] __up_console_sem+0x37/0x60\n  [81.819] softirqs last  enabled at (19470): [<ffffffff999d2b46>] __irq_exit_rcu+0x96/0xc0\n  [81.819] softirqs last disabled at (19463): [<ffffffff999d2b46>] __irq_exit_rcu+0x96/0xc0\n  [81.820] ---[ end trace 0000000000000000 ]---\n  [81.820] BTRFS: error (device dm-7 state A) in btrfs_create_pending_block_groups:2876: errno=-17 Object already exists\n\nInspecting these aborts with drgn, I observed a pattern of overlapping\nchunk_maps. Note how stripe 1 of the first chunk overlaps in physical\naddress with stripe 0 of the second chunk.\n\nPhysical Start     Physical End       Length       Logical            Type                 Stripe\n----------------------------------------------------------------------------------------------------\n0x0000000102500000 0x0000000142500000 1.0G         0x0000000641d00000 META|DUP             0/2\n0x0000000142500000 0x0000000182500000 1.0G         0x0000000641d00000 META|DUP             1/2\n0x0000000142500000 0x0000000182500000 1.0G         0x0000000601d00000 META|DUP             0/2\n0x0000000182500000 0x00000001c2500000 1.0G         0x0000000601d00000 META|DUP             1/2\n\nNow how could this possibly happen? All chunk allocation is\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/btrfs/volumes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1b9845081633072c18f30d8cfd09c267adf0b109","lessThan":"7d4eadee7042d27fcea659fcdd738f463a7d2e70","versionType":"git","status":"affected"},{"version":"1b9845081633072c18f30d8cfd09c267adf0b109","lessThan":"156cac365e27a82b64ae510c5f463fd81f0265b1","versionType":"git","status":"affected"},{"version":"1b9845081633072c18f30d8cfd09c267adf0b109","lessThan":"b14c5e04bd0f722ed631845599d52d03fcae1bc1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/btrfs/volumes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.1","status":"affected"},{"version":"0","lessThan":"4.1","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.1","versionEndExcluding":"6.18.14","matchCriteriaId":"CEDF54D6-2C51-471F-814B-8D7AED5DAE54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:-:*:*:*:*:*:*","matchCriteriaId":"FF76D52E-7076-4DA6-A18C-C3A98BFA0BF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:rc2:*:*:*:*:*:*","matchCriteriaId":"DE3D49F8-C500-4DE3-A8AE-42BE4E40A648"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:rc3:*:*:*:*:*:*","matchCriteriaId":"83D5E725-6A98-413E-8375-78A153833F73"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:rc4:*:*:*:*:*:*","matchCriteriaId":"866CAE02-6313-4BB8-B765-0A7EF1D46113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:rc5:*:*:*:*:*:*","matchCriteriaId":"2D6F8973-3692-484E-944C-B7234CE5BB47"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:rc6:*:*:*:*:*:*","matchCriteriaId":"8D237DD3-EFF7-4E26-901E-43DE555FBA63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1AB2D00D-8F31-4003-900A-1BAA17397036"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.1:rc8:*:*:*:*:*:*","matchCriteriaId":"12AFF404-7575-42B4-BA34-1D9DFE61EC76"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/156cac365e27a82b64ae510c5f463fd81f0265b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d4eadee7042d27fcea659fcdd738f463a7d2e70","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b14c5e04bd0f722ed631845599d52d03fcae1bc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45935","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.613","lastModified":"2026-06-24T17:10:55.583","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot\n\nIn the 'DeleteIndexEntryRoot' case of the 'do_action' function, the\nentry size ('esize') is retrieved from the log record without adequate\nbounds checking.\n\nSpecifically, the code calculates the end of the entry ('e2') using:\n    e2 = Add2Ptr(e1, esize);\n\nIt then calculates the size for memmove using 'PtrOffset(e2, ...)',\nwhich subtracts the end pointer from the buffer limit. If 'esize' is\nmaliciously large, 'e2' exceeds the used buffer size. This results in\na negative offset which, when cast to size_t for memmove, interprets\nas a massive unsigned integer, leading to a heap buffer overflow.\n\nThis commit adds a check to ensure that the entry size ('esize') strictly\nfits within the remaining used space of the index header before performing\nmemory operations."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/fslog.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b46acd6a6a627d876898e1c84d3f84902264b445","lessThan":"36c03f7f177b34d51f1cf1d2304b1074607bf4b0","versionType":"git","status":"affected"},{"version":"b46acd6a6a627d876898e1c84d3f84902264b445","lessThan":"b271c9cb85927210b1b799e55ee7f702d12b4336","versionType":"git","status":"affected"},{"version":"b46acd6a6a627d876898e1c84d3f84902264b445","lessThan":"a584b9d1059b29e97e17c919274e9adfb846f2a0","versionType":"git","status":"affected"},{"version":"b46acd6a6a627d876898e1c84d3f84902264b445","lessThan":"c065541b71b79874c83d418a9acd18ad5826339b","versionType":"git","status":"affected"},{"version":"b46acd6a6a627d876898e1c84d3f84902264b445","lessThan":"78942172d5bff4d4afed8674abc09cc560ce44a0","versionType":"git","status":"affected"},{"version":"b46acd6a6a627d876898e1c84d3f84902264b445","lessThan":"f3b437a4c3e022a1449658ae9f3dd34859894513","versionType":"git","status":"affected"},{"version":"b46acd6a6a627d876898e1c84d3f84902264b445","lessThan":"b2bc7c44ed1779fc9eaab9a186db0f0d01439622","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/fslog.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.202","matchCriteriaId":"B0330CE4-09CE-43EF-A9C8-CD49FFD1DC98"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/36c03f7f177b34d51f1cf1d2304b1074607bf4b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78942172d5bff4d4afed8674abc09cc560ce44a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a584b9d1059b29e97e17c919274e9adfb846f2a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b271c9cb85927210b1b799e55ee7f702d12b4336","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2bc7c44ed1779fc9eaab9a186db0f0d01439622","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c065541b71b79874c83d418a9acd18ad5826339b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f3b437a4c3e022a1449658ae9f3dd34859894513","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45936","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.740","lastModified":"2026-06-24T17:10:03.263","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: goldfish: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/goldfish_battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"589d4fe56713c6344cd9f8939f9c7621c85f0966","versionType":"git","status":"affected"},{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"bad8b61eb5059acd88349680e47839342dc89e94","versionType":"git","status":"affected"},{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"33751e28842bf5aee5ef7b2b8d5e456a069095cb","versionType":"git","status":"affected"},{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"77ea437faa4c06362e3ecfd2d7264eaa7ac1e82c","versionType":"git","status":"affected"},{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"4350505e82b4f972ddb788e1c712c557c38859d0","versionType":"git","status":"affected"},{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"8c89aade8335e26a6a7dcda18992d15f51943927","versionType":"git","status":"affected"},{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"0b29ffe4090a3fc7a7649de20e1eb1e53adddac7","versionType":"git","status":"affected"},{"version":"84d7b768748943db2bb658b43931fdab04c224cc","lessThan":"b2ce982e2e0c888dc55c888ad0e20ea04daf2e6b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/goldfish_battery.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.9","status":"affected"},{"version":"0","lessThan":"3.9","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"5.10.252","matchCriteriaId":"DAC8F37C-5CCE-4EA4-9EC8-BF9786762E85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b29ffe4090a3fc7a7649de20e1eb1e53adddac7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/33751e28842bf5aee5ef7b2b8d5e456a069095cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4350505e82b4f972ddb788e1c712c557c38859d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/589d4fe56713c6344cd9f8939f9c7621c85f0966","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/77ea437faa4c06362e3ecfd2d7264eaa7ac1e82c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8c89aade8335e26a6a7dcda18992d15f51943927","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2ce982e2e0c888dc55c888ad0e20ea04daf2e6b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bad8b61eb5059acd88349680e47839342dc89e94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45937","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.867","lastModified":"2026-06-24T17:09:52.983","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: inside-secure/eip93 - fix kernel panic in driver detach\n\nDuring driver detach, the same hash algorithm is unregistered multiple\ntimes due to a wrong iterator."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/inside-secure/eip93/eip93-main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"7530c3595d1e23bc5938cbd44b7e8f33457fc71f","versionType":"git","status":"affected"},{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"91c6f25075a8f8fbd7316d73e1edf281a94f78df","versionType":"git","status":"affected"},{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"b6e32ba6d32503440a3e3e16c8d0521cbb7e0c5d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/inside-secure/eip93/eip93-main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.14","matchCriteriaId":"4CC7C285-4CAC-4ED0-BEF1-D65CD5BA4AD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7530c3595d1e23bc5938cbd44b7e8f33457fc71f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91c6f25075a8f8fbd7316d73e1edf281a94f78df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b6e32ba6d32503440a3e3e16c8d0521cbb7e0c5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45938","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:09.977","lastModified":"2026-06-24T17:09:45.763","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: pm8916_lbc: Fix use-after-free in power_supply_changed()\n\nUsing the `devm_` variant for requesting IRQ _before_ the `devm_`\nvariant for allocating/registering the `power_supply` handle, means that\nthe `power_supply` handle will be deallocated/unregistered _before_ the\ninterrupt handler (since `devm_` naturally deallocates in reverse\nallocation order). This means that during removal, there is a race\ncondition where an interrupt can fire just _after_ the `power_supply`\nhandle has been freed, *but* just _before_ the corresponding\nunregistration of the IRQ handler has run.\n\nThis will lead to the IRQ handler calling `power_supply_changed()` with\na freed `power_supply` handle. Which usually crashes the system or\notherwise silently corrupts the memory...\n\nNote that there is a similar situation which can also happen during\n`probe()`; the possibility of an interrupt firing _before_ registering\nthe `power_supply` handle. This would then lead to the nasty situation\nof using the `power_supply` handle *uninitialized* in\n`power_supply_changed()`.\n\nFix this racy use-after-free by making sure the IRQ is requested _after_\nthe registration of the `power_supply` handle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/power/supply/pm8916_lbc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f8d7a3d21160a0cab4d15b81231f2a76b0fcee13","lessThan":"dbe579e620ef0f53db490ec79a8566e4ea8918ac","versionType":"git","status":"affected"},{"version":"f8d7a3d21160a0cab4d15b81231f2a76b0fcee13","lessThan":"08e674e9862a2db46fb234eb7c5442455ece0131","versionType":"git","status":"affected"},{"version":"f8d7a3d21160a0cab4d15b81231f2a76b0fcee13","lessThan":"d7d31fc99d248d5f47588f50dce5c7599c991c6a","versionType":"git","status":"affected"},{"version":"f8d7a3d21160a0cab4d15b81231f2a76b0fcee13","lessThan":"b7508129978ae1e2ed9b0410396abc05def9c4eb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/power/supply/pm8916_lbc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08e674e9862a2db46fb234eb7c5442455ece0131","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7508129978ae1e2ed9b0410396abc05def9c4eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7d31fc99d248d5f47588f50dce5c7599c991c6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbe579e620ef0f53db490ec79a8566e4ea8918ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45939","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:10.083","lastModified":"2026-06-24T17:09:37.397","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngpib: Fix memory leak in ni_usb_init()\n\nIn ni_usb_init(), if ni_usb_setup_init() fails, the function returns\n-EFAULT without freeing the allocated writes buffer, leading to a\nmemory leak.\n\nAdditionally, ni_usb_setup_init() returns 0 on failure, which causes\nni_usb_init() to return -EFAULT, an inappropriate error code for this\nsituation.\n\nFix the leak by freeing writes in the error path. Modify\nni_usb_setup_init() to return -EINVAL on failure and propagate this\nerror code in ni_usb_init()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpib/ni_usb/ni_usb_gpib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4e127de14fa78bcd98c6459b0b984b8266cd0203","lessThan":"9c97fcfb7a62dea893104a046d544da8ac23370b","versionType":"git","status":"affected"},{"version":"4e127de14fa78bcd98c6459b0b984b8266cd0203","lessThan":"c899d4b62c0757a280831e89c1f3801b597e8f38","versionType":"git","status":"affected"},{"version":"4e127de14fa78bcd98c6459b0b984b8266cd0203","lessThan":"b89921eed8cf2d97250bac4be38dbcfbf048b586","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpib/ni_usb/ni_usb_gpib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9c97fcfb7a62dea893104a046d544da8ac23370b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b89921eed8cf2d97250bac4be38dbcfbf048b586","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c899d4b62c0757a280831e89c1f3801b597e8f38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45940","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:10.193","lastModified":"2026-06-24T17:09:30.303","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix oops when split header is enabled\n\nFor GMAC4, when split header is enabled, in some rare cases, the\nhardware does not fill buf2 of the first descriptor with payload.\nThus we cannot assume buf2 is always fully filled if it is not\nthe last descriptor. Otherwise, the length of buf2 of the second\ndescriptor will be calculated wrong and cause an oops:\n\nUnable to handle kernel paging request at virtual address ffff00019246bfc0\n...\nx2 : 0000000000000040 x1 : ffff00019246bfc0 x0 : ffff00009246c000\nCall trace:\n dcache_inval_poc+0x28/0x58 (P)\n dma_direct_sync_single_for_cpu+0x38/0x6c\n __dma_sync_single_for_cpu+0x34/0x6c\n stmmac_napi_poll_rx+0x8f0/0xb60\n __napi_poll.constprop.0+0x30/0x144\n net_rx_action+0x160/0x274\n handle_softirqs+0x1b8/0x1fc\n...\n\nTo fix this, the PL bit-field in RDES3 register is used for all\ndescriptors, whether it is the last descriptor or not."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/stmicro/stmmac/stmmac_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ec222003bd948de8f3ffbca522d328af1a8452ad","lessThan":"b1f23df09e7dbf4c86b6908dff7efb8cb2b7d609","versionType":"git","status":"affected"},{"version":"ec222003bd948de8f3ffbca522d328af1a8452ad","lessThan":"36f81cb7d82e9614a7058da6abdf2e3a03993df1","versionType":"git","status":"affected"},{"version":"ec222003bd948de8f3ffbca522d328af1a8452ad","lessThan":"babab1b42ed68877ef669a08384becf281ad2582","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/stmicro/stmmac/stmmac_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.4","status":"affected"},{"version":"0","lessThan":"5.4","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.18.14","matchCriteriaId":"3A3C924E-3AA9-44B3-8FF4-987F799C6D82"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/36f81cb7d82e9614a7058da6abdf2e3a03993df1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1f23df09e7dbf4c86b6908dff7efb8cb2b7d609","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/babab1b42ed68877ef669a08384becf281ad2582","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45941","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:10.300","lastModified":"2026-06-24T17:09:17.513","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure\n\nget_burstcount() can return -EBUSY on timeout. When this happens, the\nfunction returns directly without releasing the locality that was\nacquired at the beginning of tpm_tis_i2c_send().\n\nUse goto out_err to ensure proper cleanup when get_burstcount() fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/char/tpm/tpm_i2c_infineon.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"8f124c5582d443ac9fb690db26d08cab5d6ba76e","versionType":"git","status":"affected"},{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"c24c9c4cab11858f22f309521ba7ea5b1e7385f2","versionType":"git","status":"affected"},{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"1bb8f8826d0748b4b92a98fb6b6dfe52081739f5","versionType":"git","status":"affected"},{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"948966e546f29af04391d98b8e378e4a7670c1c1","versionType":"git","status":"affected"},{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"a61b8412e3eb8b71646dba867e8252d8560a1a27","versionType":"git","status":"affected"},{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"1a22048c1117cdfac185ba450aba67ed6b65dc87","versionType":"git","status":"affected"},{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"2f7a665e1323359d99c74301d1e180f5e2c40181","versionType":"git","status":"affected"},{"version":"aad628c1d91a6db57e572e4c1f35e863d81061d7","lessThan":"bbd6e97c836cbeb9606d7b7e5dcf8a1d89525713","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/char/tpm/tpm_i2c_infineon.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.7","status":"affected"},{"version":"0","lessThan":"3.7","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.10.252","matchCriteriaId":"965F0918-954F-45C2-B7A3-70621FA7C51E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a22048c1117cdfac185ba450aba67ed6b65dc87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1bb8f8826d0748b4b92a98fb6b6dfe52081739f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2f7a665e1323359d99c74301d1e180f5e2c40181","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8f124c5582d443ac9fb690db26d08cab5d6ba76e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/948966e546f29af04391d98b8e378e4a7670c1c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a61b8412e3eb8b71646dba867e8252d8560a1a27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bbd6e97c836cbeb9606d7b7e5dcf8a1d89525713","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c24c9c4cab11858f22f309521ba7ea5b1e7385f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45942","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:10.427","lastModified":"2026-06-24T17:09:10.047","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix e4b bitmap inconsistency reports\n\nA bitmap inconsistency issue was observed during stress tests under\nmixed huge-page workloads. Ext4 reported multiple e4b bitmap check\nfailures like:\n\next4_mb_complex_scan_group:2508: group 350, 8179 free clusters as\nper group info. But got 8192 blocks\n\nAnalysis and experimentation confirmed that the issue is caused by a\nrace condition between page migration and bitmap modification. Although\nthis timing window is extremely narrow, it is still hit in practice:\n\nfolio_lock                        ext4_mb_load_buddy\n__migrate_folio\n  check ref count\n  folio_mc_copy                     __filemap_get_folio\n                                      folio_try_get(folio)\n                                  ......\n                                  mb_mark_used\n                                  ext4_mb_unload_buddy\n  __folio_migrate_mapping\n    folio_ref_freeze\nfolio_unlock\n\nThe root cause of this issue is that the fast path of load_buddy only\nincrements the folio's reference count, which is insufficient to prevent\nconcurrent folio migration. We observed that the folio migration process\nacquires the folio lock. Therefore, we can determine whether to take the\nfast path in load_buddy by checking the lock status. If the folio is\nlocked, we opt for the slow path (which acquires the lock) to close this\nconcurrency window.\n\nAdditionally, this change addresses the following issues:\n\nWhen the DOUBLE_CHECK macro is enabled to inspect bitmap-related\nissues, the following error may be triggered:\n\ncorruption in group 324 at byte 784(6272): f in copy != ff on\ndisk/prealloc\n\nAnalysis reveals that this is a false positive. There is a specific race\nwindow where the bitmap and the group descriptor become momentarily\ninconsistent, leading to this error report:\n\next4_mb_load_buddy                   ext4_mb_load_buddy\n  __filemap_get_folio(create|lock)\n    folio_lock\n  ext4_mb_init_cache\n    folio_mark_uptodate\n                                     __filemap_get_folio(no lock)\n                                     ......\n                                     mb_mark_used\n                                       mb_mark_used_double\n  mb_cmp_bitmaps\n                                       mb_set_bits(e4b->bd_bitmap)\n  folio_unlock\n\nThe original logic assumed that since mb_cmp_bitmaps is called when the\nbitmap is newly loaded from disk, the folio lock would be sufficient to\nprevent concurrent access. However, this overlooks a specific race\ncondition: if another process attempts to load buddy and finds the folio\nis already in an uptodate state, it will immediately begin using it without\nholding folio lock."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/mballoc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c9de560ded61faa5b754137b7753da252391c55a","lessThan":"57e83bfbe1e412ac42daced2086f3c6f9a17bba0","versionType":"git","status":"affected"},{"version":"c9de560ded61faa5b754137b7753da252391c55a","lessThan":"c05033cfc5c7699cd4df8d48cef94d01da755f24","versionType":"git","status":"affected"},{"version":"c9de560ded61faa5b754137b7753da252391c55a","lessThan":"29a07d691d282faf38c33d4b61839b89399110f9","versionType":"git","status":"affected"},{"version":"c9de560ded61faa5b754137b7753da252391c55a","lessThan":"f29709a7a3fc38f5015d850504762cdef0e151f9","versionType":"git","status":"affected"},{"version":"c9de560ded61faa5b754137b7753da252391c55a","lessThan":"bdc56a9c46b2a99c12313122b9352b619a2e719e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ext4/mballoc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.25","status":"affected"},{"version":"0","lessThan":"2.6.25","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"6.6.130","matchCriteriaId":"F63C0224-D6A0-4E52-A75A-D9016CE6983E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/29a07d691d282faf38c33d4b61839b89399110f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57e83bfbe1e412ac42daced2086f3c6f9a17bba0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bdc56a9c46b2a99c12313122b9352b619a2e719e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c05033cfc5c7699cd4df8d48cef94d01da755f24","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f29709a7a3fc38f5015d850504762cdef0e151f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45943","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:10.557","lastModified":"2026-06-24T17:09:01.847","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inline data read failure for ztailpacking pclusters\n\nCompressed folios for ztailpacking pclusters must be valid before adding\nthese pclusters to I/O chains. Otherwise, z_erofs_decompress_pcluster()\nmay assume they are already valid and then trigger a NULL pointer\ndereference.\n\nIt is somewhat hard to reproduce because the inline data is in the same\nblock as the tail of the compressed indexes, which are usually read just\nbefore. However, it may still happen if a fatal signal arrives while\nread_mapping_folio() is running, as shown below:\n\n erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n\n ...\n\n pc : z_erofs_decompress_queue+0x4c8/0xa14\n lr : z_erofs_decompress_queue+0x160/0xa14\n sp : ffffffc08b3eb3a0\n x29: ffffffc08b3eb570 x28: ffffffc08b3eb418 x27: 0000000000001000\n x26: ffffff8086ebdbb8 x25: ffffff8086ebdbb8 x24: 0000000000000001\n x23: 0000000000000008 x22: 00000000fffffffb x21: dead000000000700\n x20: 00000000000015e7 x19: ffffff808babb400 x18: ffffffc089edc098\n x17: 00000000c006287d x16: 00000000c006287d x15: 0000000000000004\n x14: ffffff80ba8f8000 x13: 0000000000000004 x12: 00000006589a77c9\n x11: 0000000000000015 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\n x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020\n x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n  z_erofs_decompress_queue+0x4c8/0xa14\n  z_erofs_runqueue+0x908/0x97c\n  z_erofs_read_folio+0x128/0x228\n  filemap_read_folio+0x68/0x128\n  filemap_get_pages+0x44c/0x8b4\n  filemap_read+0x12c/0x5b8\n  generic_file_read_iter+0x4c/0x15c\n  do_iter_readv_writev+0x188/0x1e0\n  vfs_iter_read+0xac/0x1a4\n  backing_file_read_iter+0x170/0x34c\n  ovl_read_iter+0xf0/0x140\n  vfs_read+0x28c/0x344\n  ksys_read+0x80/0xf0\n  __arm64_sys_read+0x24/0x34\n  invoke_syscall+0x60/0x114\n  el0_svc_common+0x88/0xe4\n  do_el0_svc+0x24/0x30\n  el0_svc+0x40/0xa8\n  el0t_64_sync_handler+0x70/0xbc\n  el0t_64_sync+0x1bc/0x1c0\n\nFix this by reading the inline data before allocating and adding\nthe pclusters to the I/O chains."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/erofs/zdata.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cecf864d3d76d50e3d9c58145e286a0b8c284e92","lessThan":"ad07ea069f924465061cfee40ef2861bb99f4dd8","versionType":"git","status":"affected"},{"version":"cecf864d3d76d50e3d9c58145e286a0b8c284e92","lessThan":"5de1aa0bf3a5db0b3cbf61959da5ac61250833ed","versionType":"git","status":"affected"},{"version":"cecf864d3d76d50e3d9c58145e286a0b8c284e92","lessThan":"92088bd9aa2a7246bba8b9648fbc64edd173cf17","versionType":"git","status":"affected"},{"version":"cecf864d3d76d50e3d9c58145e286a0b8c284e92","lessThan":"c134a40f86efb8d6b5a949ef70e06d5752209be5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/erofs/zdata.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.78","matchCriteriaId":"D63EA9D8-C006-4E77-BDF1-A16D81078A10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5de1aa0bf3a5db0b3cbf61959da5ac61250833ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/92088bd9aa2a7246bba8b9648fbc64edd173cf17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad07ea069f924465061cfee40ef2861bb99f4dd8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c134a40f86efb8d6b5a949ef70e06d5752209be5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46064","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:26.867","lastModified":"2026-06-24T17:08:55.447","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nibmasm: fix heap over-read in ibmasm_send_i2o_message()\n\nThe ibmasm_send_i2o_message() function uses get_dot_command_size() to\ncompute the byte count for memcpy_toio(), but this value is derived from\nuser-controlled fields in the dot_command_header (command_size: u8,\ndata_size: u16) and is never validated against the actual allocation size.\nA root user can write a small buffer with inflated header fields, causing\nmemcpy_toio() to read up to ~65 KB past the end of the allocation into\nadjacent kernel heap, which is then forwarded to the service processor\nover MMIO.\n\nSilently clamping the copy size is not sufficient: if the header fields\nclaim a larger size than the buffer, the SP receives a dot command whose\nown header is inconsistent with the I2O message length, which can cause\nthe SP to desynchronize. Reject such commands outright by returning\nfailure.\n\nValidate command_size before calling get_mfa_inbound() to avoid leaking\nan I2O message frame: reading INBOUND_QUEUE_PORT dequeues a hardware\nframe from the controller's free pool, and returning without a\ncorresponding set_mfa_inbound() call would permanently exhaust it.\n\nAdditionally, clamp command_size to I2O_COMMAND_SIZE before the\nmemcpy_toio() so the MMIO write stays within the I2O message frame,\nconsistent with the clamping already performed by outgoing_message_size()\nfor the header field."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/misc/ibmasm/lowlevel.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ca1c857e2bb74a9fc0606128334f85316d57067b","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b870f652877bfbe321bd0f4096fc37a93296f7b6","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ce57fa439bd1b5d664f334a0c3e3f0e42abb0153","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"fd19eb1c75047a4ed4e855f56cafd704dc3914e0","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"fe31722b0194ff76bf8b461e8bf97a2081147787","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c1c2417c60dbdca5ebb00462f21ee71c2d7f7083","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"9e8f6c9d4ecddda2f28baa1678340286cff3969c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"9aad71144fa3682cca3837a06c8623016790e7ec","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/misc/ibmasm/lowlevel.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.258","matchCriteriaId":"E03287AA-1109-4662-85B8-5E824B2EA646"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9aad71144fa3682cca3837a06c8623016790e7ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e8f6c9d4ecddda2f28baa1678340286cff3969c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b870f652877bfbe321bd0f4096fc37a93296f7b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1c2417c60dbdca5ebb00462f21ee71c2d7f7083","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca1c857e2bb74a9fc0606128334f85316d57067b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce57fa439bd1b5d664f334a0c3e3f0e42abb0153","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd19eb1c75047a4ed4e855f56cafd704dc3914e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe31722b0194ff76bf8b461e8bf97a2081147787","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46065","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:27.050","lastModified":"2026-06-24T17:08:46.490","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info\n\nHold state of deferred I/O in struct fb_deferred_io_state. Allocate an\ninstance as part of initializing deferred I/O and remove it only after\nthe final mapping has been closed. If the fb_info and the contained\ndeferred I/O meanwhile goes away, clear struct fb_deferred_io_state.info\nto invalidate the mapping. Any access will then result in a SIGBUS\nsignal.\n\nFixes a long-standing problem, where a device hot-unplug happens while\nuser space still has an active mapping of the graphics memory. The hot-\nunplug frees the instance of struct fb_info. Accessing the memory will\noperate on undefined state."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/video/fbdev/core/fb_defio.c","include/linux/fb.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"60b59beafba875aef6d378078bce0baf2287ae14","lessThan":"4aab89603b637a2e441b38808c4f6fe7d1184df6","versionType":"git","status":"affected"},{"version":"60b59beafba875aef6d378078bce0baf2287ae14","lessThan":"4fda0d6b45faad44926dd3e4f55f118d899b2e27","versionType":"git","status":"affected"},{"version":"60b59beafba875aef6d378078bce0baf2287ae14","lessThan":"2a40f8bc9bb713329f1c35ffc199ee961a7135b0","versionType":"git","status":"affected"},{"version":"60b59beafba875aef6d378078bce0baf2287ae14","lessThan":"2b53d3a52e8e5403a4f4fb57ac6cad3fd2cb1066","versionType":"git","status":"affected"},{"version":"60b59beafba875aef6d378078bce0baf2287ae14","lessThan":"25c2b77bc463f29ee71a54b883548baf9386a0db","versionType":"git","status":"affected"},{"version":"60b59beafba875aef6d378078bce0baf2287ae14","lessThan":"a0aafb421dd15e935d81543152617f2742cefa70","versionType":"git","status":"affected"},{"version":"60b59beafba875aef6d378078bce0baf2287ae14","lessThan":"9ded47ad003f09a94b6a710b5c47f4aa5ceb7429","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/video/fbdev/core/fb_defio.c","include/linux/fb.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.22","status":"affected"},{"version":"0","lessThan":"2.6.22","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.15.210","matchCriteriaId":"D0822DE2-87B7-4AAA-8C9C-619AB726A035"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/25c2b77bc463f29ee71a54b883548baf9386a0db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a40f8bc9bb713329f1c35ffc199ee961a7135b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2b53d3a52e8e5403a4f4fb57ac6cad3fd2cb1066","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4aab89603b637a2e441b38808c4f6fe7d1184df6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fda0d6b45faad44926dd3e4f55f118d899b2e27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ded47ad003f09a94b6a710b5c47f4aa5ceb7429","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0aafb421dd15e935d81543152617f2742cefa70","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46066","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:27.320","lastModified":"2026-06-24T17:04:07.387","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix num_ops off-by-one when crypto allocation fails\n\nmove_dirty_folio_in_page_array() may fail if the file is encrypted, the\ndirty folio is not the first in the batch, and it fails to allocate a\nbounce buffer to hold the ciphertext. When that happens,\nceph_process_folio_batch() simply redirties the folio and flushes the\ncurrent batch -- it can retry that folio in a future batch.\n\nHowever, if this failed folio is not contiguous with the last folio that\ndid make it into the batch, then ceph_process_folio_batch() has already\nincremented `ceph_wbc->num_ops`; because it doesn't follow through and\nadd the discontiguous folio to the array, ceph_submit_write() -- which\nexpects that `ceph_wbc->num_ops` accurately reflects the number of\ncontiguous ranges (and therefore the required number of \"write extent\"\nops) in the writeback -- will panic the kernel:\n\n    BUG_ON(ceph_wbc->op_idx + 1 != req->r_num_ops);\n\nThis issue can be reproduced on affected kernels by writing to\nfscrypt-enabled CephFS file(s) with a 4KiB-written/4KiB-skipped/repeat\npattern (total filesize should not matter) and gradually increasing the\nsystem's memory pressure until a bounce buffer allocation fails.\n\nFix this crash by decrementing `ceph_wbc->num_ops` back to the correct\nvalue when move_dirty_folio_in_page_array() fails, but the folio already\nstarted counting a new (i.e. still-empty) extent.\n\nThe defect corrected by this patch has existed since 2022 (see first\n`Fixes:`), but another bug blocked multi-folio encrypted writeback until\nrecently (see second `Fixes:`). The second commit made it into 6.18.16,\n6.19.6, and 7.0-rc1, unmasking the panic in those versions. This patch\ntherefore fixes a regression (panic) introduced by cac190c7674f."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ceph/addr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d55207717ded95c8f2760a30e93319fa313186e6","lessThan":"6200f41d6fcf2ac7e24866431e381cbc914560e4","versionType":"git","status":"affected"},{"version":"d55207717ded95c8f2760a30e93319fa313186e6","lessThan":"ba12c1e578890f6337a415b7dedf476c6d455105","versionType":"git","status":"affected"},{"version":"d55207717ded95c8f2760a30e93319fa313186e6","lessThan":"a0d9555bf9eaeba34fe6b6bb86f442fe08ba3842","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ceph/addr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.18.30","matchCriteriaId":"664D2AF8-363B-4789-A43E-2EDBF84B4C13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6200f41d6fcf2ac7e24866431e381cbc914560e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0d9555bf9eaeba34fe6b6bb86f442fe08ba3842","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba12c1e578890f6337a415b7dedf476c6d455105","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46067","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:27.643","lastModified":"2026-06-24T17:04:01.583","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp\n\nUsers can set damos_quota_goal->nid with arbitrary value for\nnode_memcg_{used,free}_bp.  But DAMON core is using those for NODE-DATA()\nwithout a validation of the value.  This can result in out of bounds\nmemory access.  The issue can actually triggered using DAMON user-space\ntool (damo), like below.\n\n    $ sudo mkdir /sys/fs/cgroup/foo\n    $ sudo ./damo start --damos_action stat --damos_quota_interval 1s \\\n            --damos_quota_goal node_memcg_used_bp 50% -1 /foo\n    $ sudo dmseg\n    [...]\n    [  524.181426] Unable to handle kernel paging request at virtual address 0000000000002c00\n\nFix this issue by adding the validation of the given node id.  If an\ninvalid node id is given, it returns 0% for used memory ratio, and 100%\nfor free memory ratio."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/damon/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b74a120bcf50787e5b9a2c3dcff999f9836ce1db","lessThan":"da10db73ada26345244ea5dc52f974692bd05f66","versionType":"git","status":"affected"},{"version":"b74a120bcf50787e5b9a2c3dcff999f9836ce1db","lessThan":"a34dac6482e53e2c76944f25b1489b9b7da3a6e6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/damon/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a34dac6482e53e2c76944f25b1489b9b7da3a6e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/da10db73ada26345244ea5dc52f974692bd05f66","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46068","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:27.940","lastModified":"2026-06-24T17:03:51.660","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx\n\nThe bounce buffers are allocated with __get_free_pages() using\nBOUNCE_BUFFER_ORDER (order 2 = 4 pages), but both the allocation error\npath and nx842_crypto_free_ctx() release the buffers with free_page().\nUse free_pages() with the matching order instead."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/nx/nx-842.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ed70b479c2c0b6e1319f0cb2de19f1051be219a4","lessThan":"f17a4850d1ce7c11cba8b1830b9bfedfede878bb","versionType":"git","status":"affected"},{"version":"ed70b479c2c0b6e1319f0cb2de19f1051be219a4","lessThan":"910bb34b801d39794e656f7d48414844b2bd354e","versionType":"git","status":"affected"},{"version":"ed70b479c2c0b6e1319f0cb2de19f1051be219a4","lessThan":"5c07962fed66e1238fad7635fa150570bd38b4c5","versionType":"git","status":"affected"},{"version":"ed70b479c2c0b6e1319f0cb2de19f1051be219a4","lessThan":"80fd99d7c30ea889662d21f1b44d8fea4c83138d","versionType":"git","status":"affected"},{"version":"ed70b479c2c0b6e1319f0cb2de19f1051be219a4","lessThan":"adb3faf2db1a66d0f015b44ac909a32dfc7f2f9c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/nx/nx-842.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.2","status":"affected"},{"version":"0","lessThan":"4.2","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"6.6.141","matchCriteriaId":"EF97161C-1BB5-4ADC-A7BA-2A18D7A44511"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5c07962fed66e1238fad7635fa150570bd38b4c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80fd99d7c30ea889662d21f1b44d8fea4c83138d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/910bb34b801d39794e656f7d48414844b2bd354e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/adb3faf2db1a66d0f015b44ac909a32dfc7f2f9c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f17a4850d1ce7c11cba8b1830b9bfedfede878bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46069","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.170","lastModified":"2026-06-24T17:03:45.327","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()\n\nThe mwifiex_adapter_cleanup() function uses timer_delete()\n(non-synchronous) for the wakeup_timer before the adapter structure is\nfreed. This is incorrect because timer_delete() does not wait for any\nrunning timer callback to complete.\n\nIf the wakeup_timer callback (wakeup_timer_fn) is executing when\nmwifiex_adapter_cleanup() is called, the callback will continue to\naccess adapter fields (adapter->hw_status, adapter->if_ops.card_reset,\netc.) which may be freed by mwifiex_free_adapter() called later in the\nmwifiex_remove_card() path.\n\nUse timer_delete_sync() instead to ensure any running timer callback has\ncompleted before returning."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/marvell/mwifiex/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"c3508895450cca4aeaf5dbadbb5e582363005264","versionType":"git","status":"affected"},{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"1958a92599b2653d730ccb6f5685fc3fbed21812","versionType":"git","status":"affected"},{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"a88f5391dc68f78cae5eb6a8cd341cafee795d3d","versionType":"git","status":"affected"},{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"11869ce402d95519d49b25a2a97741f68d69d103","versionType":"git","status":"affected"},{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"63fe3389b3e092d6c0eeea9fc0318e7918b16618","versionType":"git","status":"affected"},{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"4e179a60a60c0a5aea245e8e67768343c0f070b8","versionType":"git","status":"affected"},{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"030abbae49cf9fd1fba7aa08e15ec81efbeb78cf","versionType":"git","status":"affected"},{"version":"4636187da60b6e33526050235c610409d9cc00e8","lessThan":"ae5e95d4157481693be2317e3ffcd84e36010cbb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/marvell/mwifiex/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.0","status":"affected"},{"version":"0","lessThan":"4.0","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.10.259","matchCriteriaId":"7C4C5D4A-CE24-4E52-8A88-6F88AA66099E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/030abbae49cf9fd1fba7aa08e15ec81efbeb78cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/11869ce402d95519d49b25a2a97741f68d69d103","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1958a92599b2653d730ccb6f5685fc3fbed21812","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4e179a60a60c0a5aea245e8e67768343c0f070b8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/63fe3389b3e092d6c0eeea9fc0318e7918b16618","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a88f5391dc68f78cae5eb6a8cd341cafee795d3d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae5e95d4157481693be2317e3ffcd84e36010cbb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3508895450cca4aeaf5dbadbb5e582363005264","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46070","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.283","lastModified":"2026-06-24T17:00:16.237","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: validate payload size before accessing journal metadata\n\nr5c_recovery_analyze_meta_block() and\nr5l_recovery_verify_data_checksum_for_mb() iterate over payloads in a\njournal metadata block using on-disk payload size fields without\nvalidating them against the remaining space in the metadata block.\n\nA corrupted journal contains payload sizes extending beyond the PAGE_SIZE\nboundary can cause out-of-bounds reads when accessing payload fields or\ncomputing offsets.\n\nAdd bounds validation for each payload type to ensure the full payload\nfits within meta_size before processing."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/raid5-cache.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"c96c6f01d84b5c67db1bf1cc8591c0b7146826fc","versionType":"git","status":"affected"},{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"ef4851d8324fd978ca1ff9ec76a275438f887743","versionType":"git","status":"affected"},{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"28d3ff7109c66e99dc1b7cddacb5c760849620ef","versionType":"git","status":"affected"},{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"33698bd1b2db9764a29df7751533d33967ff5c98","versionType":"git","status":"affected"},{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"c3a1cf78bd1bbb51b2cc5189b4743056553c1e0e","versionType":"git","status":"affected"},{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"73ce72edd113374801045924d4417199963f73a3","versionType":"git","status":"affected"},{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"406aa86394ead347c47428fb51b6359bdaa2257d","versionType":"git","status":"affected"},{"version":"b4c625c67362b3940f619c1a836b4e8329106658","lessThan":"b0cc3ae97e893bf54bbce447f4e9fd2e0b88bff9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/raid5-cache.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.258","matchCriteriaId":"CE5B9066-4DF6-4452-B9C5-B22E69A91B92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/28d3ff7109c66e99dc1b7cddacb5c760849620ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/33698bd1b2db9764a29df7751533d33967ff5c98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/406aa86394ead347c47428fb51b6359bdaa2257d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/73ce72edd113374801045924d4417199963f73a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0cc3ae97e893bf54bbce447f4e9fd2e0b88bff9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3a1cf78bd1bbb51b2cc5189b4743056553c1e0e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c96c6f01d84b5c67db1bf1cc8591c0b7146826fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef4851d8324fd978ca1ff9ec76a275438f887743","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46071","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.397","lastModified":"2026-06-24T16:59:55.283","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Avoid clearing VMCB_LBR in vmcb12\n\nsvm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB.\nHowever, nested_svm_vmexit() uses it to copy LBRs to vmcb12, and\nclearing clean bits in vmcb12 is not architecturally defined.\n\nMove vmcb_mark_dirty() to callers and drop it for vmcb12.\n\nThis also facilitates incoming refactoring that does not pass the entire\nVMCB to svm_copy_lbrs()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/svm/nested.c","arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d20c796ca3709801f8a7fa36e8770a3dd8ebd34e","lessThan":"a3f0981a5a0e0bd51ad74cc7d9eed32294b24002","versionType":"git","status":"affected"},{"version":"d20c796ca3709801f8a7fa36e8770a3dd8ebd34e","lessThan":"9efe23568806d1cd06f7d146f9b3037b8d585a9f","versionType":"git","status":"affected"},{"version":"d20c796ca3709801f8a7fa36e8770a3dd8ebd34e","lessThan":"b53ab5167a81537777ac780bbd93d32613aa3bda","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/svm/nested.c","arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.18.27","matchCriteriaId":"A56F60AE-F19E-4C75-B923-ACD1989D1A3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9efe23568806d1cd06f7d146f9b3037b8d585a9f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a3f0981a5a0e0bd51ad74cc7d9eed32294b24002","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b53ab5167a81537777ac780bbd93d32613aa3bda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46072","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.503","lastModified":"2026-06-24T16:59:39.583","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: add buffer boundary checks to run_unpack()\n\nrun_unpack() checks `run_buf < run_last` at the top of the while loop\nbut then reads size_size and offset_size bytes via run_unpack_s64()\nwithout verifying they fit within the remaining buffer.  A crafted NTFS\nimage with truncated run data in an MFT attribute triggers an OOB heap\nread of up to 15 bytes when the filesystem is mounted.\n\nAdd boundary checks before each run_unpack_s64() call to ensure the\ndeclared field size does not exceed the remaining buffer.\n\nFound by fuzzing with a source-patched harness (LibAFL + QEMU)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/run.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"bbad75336870b51b81979b97613746237fcb02fe","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"425de2aba0d061b3e715d51a3b1992c112ed5b99","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"bf7ac4a1d3bfc6e56e54635c3d331a68170d37c9","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"e64f7dfcaff79e7dfff9121a382dd77f9b462f62","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"d3012690a7065d9ca86521a525ad11e8af491d45","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"41aadf5cb482793a24e05aa136224e179a778586","versionType":"git","status":"affected"},{"version":"82cae269cfa953032fbb8980a7d554d60fb00b17","lessThan":"b62567bca47408e6739dee75f02a2113548af875","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/run.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.209","matchCriteriaId":"6EDF0B07-5AB8-46F1-84C6-AAB5EF2C52B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/41aadf5cb482793a24e05aa136224e179a778586","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/425de2aba0d061b3e715d51a3b1992c112ed5b99","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b62567bca47408e6739dee75f02a2113548af875","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bbad75336870b51b81979b97613746237fcb02fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf7ac4a1d3bfc6e56e54635c3d331a68170d37c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3012690a7065d9ca86521a525ad11e8af491d45","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e64f7dfcaff79e7dfff9121a382dd77f9b462f62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46073","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.607","lastModified":"2026-06-24T16:59:26.080","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt\n\nwait_for_completion_interruptible_timeout() returns -ERESTARTSYS when\ninterrupted. This needs to abort the URB and return an error. No data\nhas been received from the device so any reads from the transfer\nbuffer are invalid.\n\nThe original code tests !ret, which only catches the timeout case (0).\nOn signal delivery (-ERESTARTSYS), !ret is false so the function skips\nusb_kill_urb() and falls through to read from the unfilled transfer\nbuffer.\n\nFix by capturing the return value into a long (matching the function\nreturn type) and handling signal (negative) and timeout (zero) cases\nwith separate checks that both call usb_kill_urb() before returning."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/hwmon/powerz.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4381a36abdf1c5c0323c1c51f869dc000115eb20","lessThan":"8b51277eec433d4e724b273a5a5c64e8acfbe405","versionType":"git","status":"affected"},{"version":"4381a36abdf1c5c0323c1c51f869dc000115eb20","lessThan":"b6cb07f02253bdefd2339e57eaa1428a7b28cd0f","versionType":"git","status":"affected"},{"version":"4381a36abdf1c5c0323c1c51f869dc000115eb20","lessThan":"d64458784036f5818e22781254b6be299d52a19c","versionType":"git","status":"affected"},{"version":"4381a36abdf1c5c0323c1c51f869dc000115eb20","lessThan":"b66437cb20a2d9ef201f40b675569f8ea7787c9f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/hwmon/powerz.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8b51277eec433d4e724b273a5a5c64e8acfbe405","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b66437cb20a2d9ef201f40b675569f8ea7787c9f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b6cb07f02253bdefd2339e57eaa1428a7b28cd0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d64458784036f5818e22781254b6be299d52a19c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46074","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.717","lastModified":"2026-06-24T16:59:17.650","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: ch341: fix memory leaks on probe failures\n\nMake sure to deregister the controller, disable pins, and kill and free\nthe RX URB on probe failures to mirror disconnect and avoid memory\nleaks and use-after-free.\n\nAlso add an explicit URB kill on disconnect for symmetry (even if that\nis not strictly required as USB core would have stopped it in the\ncurrent setup)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/spi/spi-ch341.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8846739f52afa07e63395c80227dc544f54bd7b1","lessThan":"5c6518633702d7f7b1153e9d8e042af847f11ef3","versionType":"git","status":"affected"},{"version":"8846739f52afa07e63395c80227dc544f54bd7b1","lessThan":"ff8a7996dc8bf433efe2126ffdaee5b374a89e30","versionType":"git","status":"affected"},{"version":"8846739f52afa07e63395c80227dc544f54bd7b1","lessThan":"9bee2faf9e21c796d0d222c9d84a98f41bd303a0","versionType":"git","status":"affected"},{"version":"8846739f52afa07e63395c80227dc544f54bd7b1","lessThan":"b99e3ddb91b499d920e63a2daff8880be68cfe9e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/spi/spi-ch341.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.86","matchCriteriaId":"2BE3B9C6-D36E-42AC-BB24-7D1BF41C0DD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5c6518633702d7f7b1153e9d8e042af847f11ef3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bee2faf9e21c796d0d222c9d84a98f41bd303a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b99e3ddb91b499d920e63a2daff8880be68cfe9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff8a7996dc8bf433efe2126ffdaee5b374a89e30","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46075","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.823","lastModified":"2026-06-24T16:59:08.560","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: atmel-sha204a - Fix potential UAF and memory leak in remove path\n\nUnregister the hwrng to prevent new ->read() calls and flush the Atmel\nI2C workqueue before teardown to prevent a potential UAF if a queued\ncallback runs while the device is being removed.\n\nDrop the early return to ensure sysfs entries are removed and\n->hwrng.priv is freed, preventing a memory leak."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/atmel-sha204a.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"da001fb651b00e1deeaf24767dd691ae8152a4f5","lessThan":"6dbeb0f788582e1ab5dfc3f41994eac0ec88c2b5","versionType":"git","status":"affected"},{"version":"da001fb651b00e1deeaf24767dd691ae8152a4f5","lessThan":"c5a45d14234bf26e28a89e3a5dcc08336595cf11","versionType":"git","status":"affected"},{"version":"da001fb651b00e1deeaf24767dd691ae8152a4f5","lessThan":"775c00d87c385b758da9504cf053acea00e2ed40","versionType":"git","status":"affected"},{"version":"da001fb651b00e1deeaf24767dd691ae8152a4f5","lessThan":"1193c12126d39bf986a5a9214827b73707b193ab","versionType":"git","status":"affected"},{"version":"da001fb651b00e1deeaf24767dd691ae8152a4f5","lessThan":"31901371ccd16b42d2f167b1018ba9ae8bd5a6c7","versionType":"git","status":"affected"},{"version":"da001fb651b00e1deeaf24767dd691ae8152a4f5","lessThan":"bab1adf3b87e4bfac92c4f5963c63db434d561c1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/atmel-sha204a.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.175","matchCriteriaId":"38FC5C77-ECE1-4E84-B543-2BE911AF89E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1193c12126d39bf986a5a9214827b73707b193ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/31901371ccd16b42d2f167b1018ba9ae8bd5a6c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6dbeb0f788582e1ab5dfc3f41994eac0ec88c2b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/775c00d87c385b758da9504cf053acea00e2ed40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bab1adf3b87e4bfac92c4f5963c63db434d561c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5a45d14234bf26e28a89e3a5dcc08336595cf11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46076","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:28.930","lastModified":"2026-06-24T16:58:28.430","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1\n\nExplicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want\nto intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and the\nhypercall is something other than one of the supported Hyper-V hypercalls.\nWhen all of the above conditions are met, KVM will intercept VMMCALL but\nnever forward it to L1, i.e. will let L2 make hypercalls as if it were L1.\n\nThe TLFS says a whole lot of nothing about this scenario, so go with the\narchitectural behavior, which says that VMMCALL #UDs if it's not\nintercepted.\n\nOpportunistically do a 2-for-1 stub trade by stub-ifying the new API\ninstead of the helpers it uses.  The last remaining \"single\" stub will\nsoon be dropped as well.\n\n[sean: rewrite changelog and comment, tag for stable, remove defunct stubs]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/hyperv.h","arch/x86/kvm/svm/hyperv.h","arch/x86/kvm/svm/nested.c","arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3f4a812edf5cb0a50e65fbdfafdb3e688da18f16","lessThan":"924d721fae95687acedbaf624a094ed0e8b67104","versionType":"git","status":"affected"},{"version":"3f4a812edf5cb0a50e65fbdfafdb3e688da18f16","lessThan":"009c0f726abeaa67aad1d96b883bdce01d405ce2","versionType":"git","status":"affected"},{"version":"3f4a812edf5cb0a50e65fbdfafdb3e688da18f16","lessThan":"5fb4a5f361565f5b629d8a8fe5288ce8463c5727","versionType":"git","status":"affected"},{"version":"3f4a812edf5cb0a50e65fbdfafdb3e688da18f16","lessThan":"c36991c6f8d2ab56ee67aff04e3c357f45cfc76c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/hyperv.h","arch/x86/kvm/svm/hyperv.h","arch/x86/kvm/svm/nested.c","arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":5.3}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.12.86","matchCriteriaId":"B33E0975-006A-45BB-AD35-19D8D80F6676"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/009c0f726abeaa67aad1d96b883bdce01d405ce2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5fb4a5f361565f5b629d8a8fe5288ce8463c5727","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/924d721fae95687acedbaf624a094ed0e8b67104","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c36991c6f8d2ab56ee67aff04e3c357f45cfc76c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46077","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.040","lastModified":"2026-06-24T17:20:35.357","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: atmel-tdes - fix DMA sync direction\n\nBefore DMA output is consumed by the CPU, ->dma_addr_out must be synced\nwith dma_sync_single_for_cpu() instead of dma_sync_single_for_device().\nUsing the wrong direction can return stale cache data on non-coherent\nplatforms."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/atmel-tdes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"ce3224678acb8c0b3473daa7d7dbffc998c6951a","versionType":"git","status":"affected"},{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"b9b28f3881dd514e74f98ae04e79a635022a4804","versionType":"git","status":"affected"},{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"c0f3002c02a3a83250e25582ffbe8df7eb78a8bd","versionType":"git","status":"affected"},{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"5281e6e2302362f6b75b70cbfe4098d2a25dafd9","versionType":"git","status":"affected"},{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"12a0adfe498cd5d87e6365d7ca5f6b3eed79e523","versionType":"git","status":"affected"},{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"863d11b3927703ad95077c81a8a6489c5c7872f7","versionType":"git","status":"affected"},{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"b5f5df801d161ba244f391519cbff2f4e5c6edc2","versionType":"git","status":"affected"},{"version":"13802005d8f2db244ec1f5d7f6923de8f7a463db","lessThan":"c8a9a647532f5c2a04180352693215e24e9dba03","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/atmel-tdes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.6","status":"affected"},{"version":"0","lessThan":"3.6","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.10.258","matchCriteriaId":"5464091F-10C3-4A60-9BC8-5E946AC892DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12a0adfe498cd5d87e6365d7ca5f6b3eed79e523","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5281e6e2302362f6b75b70cbfe4098d2a25dafd9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/863d11b3927703ad95077c81a8a6489c5c7872f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5f5df801d161ba244f391519cbff2f4e5c6edc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9b28f3881dd514e74f98ae04e79a635022a4804","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0f3002c02a3a83250e25582ffbe8df7eb78a8bd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c8a9a647532f5c2a04180352693215e24e9dba03","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce3224678acb8c0b3473daa7d7dbffc998c6951a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46078","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.143","lastModified":"2026-06-24T17:20:32.217","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix the out-of-bounds nameoff handling for trailing dirents\n\nCurrently we already have boundary-checks for nameoffs, but the trailing\ndirents are special since the namelens are calculated with strnlen()\nwith unchecked nameoffs.\n\nIf a crafted EROFS has a trailing dirent with nameoff >= maxsize,\nmaxsize - nameoff can underflow, causing strnlen() to read past the\ndirectory block.\n\nnameoff0 should also be verified to be a multiple of\n`sizeof(struct erofs_dirent)` as well [1].\n\n[1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/erofs/dir.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"a8ee527807f7d97e55ce2ef2906f7f34975eb1c7","versionType":"git","status":"affected"},{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"aa16dca1b062355181ef215229eeac249d7c0d61","versionType":"git","status":"affected"},{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"80a23c6d1aba35be8746d74ac14e6ba5ae46da21","versionType":"git","status":"affected"},{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"222055e6b4063abd2d9e13c3d49bbd1724c50789","versionType":"git","status":"affected"},{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"48b27a955d22391c7f30169fa7b6b2e1977f1ce4","versionType":"git","status":"affected"},{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"8ebb951a284b7446e025afc7dc5e9516ef9a7214","versionType":"git","status":"affected"},{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"1d55445226c75ddd4e78b09b3e7d99109b28c366","versionType":"git","status":"affected"},{"version":"3aa8ec716e52c02360457fa018296629b4d0becf","lessThan":"d18a3b5d337fa412a38e776e6b4b857a58836575","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/erofs/dir.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.259","matchCriteriaId":"371269AD-0F41-4AA3-A04C-8560F4185F8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1d55445226c75ddd4e78b09b3e7d99109b28c366","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/222055e6b4063abd2d9e13c3d49bbd1724c50789","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/48b27a955d22391c7f30169fa7b6b2e1977f1ce4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80a23c6d1aba35be8746d74ac14e6ba5ae46da21","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8ebb951a284b7446e025afc7dc5e9516ef9a7214","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a8ee527807f7d97e55ce2ef2906f7f34975eb1c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aa16dca1b062355181ef215229eeac249d7c0d61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d18a3b5d337fa412a38e776e6b4b857a58836575","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46079","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.253","lastModified":"2026-06-24T17:20:28.893","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrbd: fix null-ptr-deref when device_add_disk() fails\n\ndo_rbd_add() publishes the device with device_add() before calling\ndevice_add_disk(). If device_add_disk() fails after device_add()\nsucceeds, the error path calls rbd_free_disk() directly and then later\nfalls through to rbd_dev_device_release(), which calls rbd_free_disk()\nagain. This double teardown can leave blk-mq cleanup operating on\ninvalid state and trigger a null-ptr-deref in\n__blk_mq_free_map_and_rqs(), reached from blk_mq_free_tag_set().\n\nFix this by following the normal remove ordering: call device_del()\nbefore rbd_dev_device_release() when device_add_disk() fails after\ndevice_add(). That keeps the teardown sequence consistent and avoids\nre-entering disk cleanup through the wrong path.\n\nThe bug was first flagged by an experimental analysis tool we are\ndeveloping for kernel memory-management bugs while analyzing\nv6.13-rc1. The tool is still under development and is not yet publicly\navailable.\n\nWe reproduced the bug on v7.0 with a real Ceph backend and a QEMU x86_64\nguest booted with KASAN and CONFIG_FAILSLAB enabled. The reproducer\nconfines failslab injections to the __add_disk() range and injects\nfail-nth while mapping an RBD image through\n/sys/bus/rbd/add_single_major.\n\nOn the unpatched kernel, fail-nth=4 reliably triggered the fault:\n\n\tOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\n\tKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n\tCPU: 0 UID: 0 PID: 273 Comm: bash Not tainted 7.0.0-01247-gd60bc1401583 #6 PREEMPT(lazy)\n\tHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n\tRIP: 0010:__blk_mq_free_map_and_rqs+0x8c/0x240\n\tCode: 00 00 48 8b 6b 60 41 89 f4 49 c1 e4 03 4c 01 e5 45 85 ed 0f 85 0a 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 e9 48 c1 e9 03 <80> 3c 01 00 0f 85 31 01 00 00 4c 8b 6d 00 4d 85 ed 0f 84 e2 00 00\n\tRSP: 0018:ff1100000ab0fac8 EFLAGS: 00000246\n\tRAX: dffffc0000000000 RBX: ff1100000c4806a0 RCX: 0000000000000000\n\tRDX: 0000000000000002 RSI: 0000000000000000 RDI: ff1100000c4806f4\n\tRBP: 0000000000000000 R08: 0000000000000001 R09: ffe21c000189001b\n\tR10: ff1100000c4800df R11: ff1100006cf37be0 R12: 0000000000000000\n\tR13: 0000000000000000 R14: ff1100000c480700 R15: ff1100000c480004\n\tFS:  00007f0fbe8fe740(0000) GS:ff110000e5851000(0000) knlGS:0000000000000000\n\tCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\tCR2: 00007fe53473b2e0 CR3: 0000000012eef000 CR4: 00000000007516f0\n\tPKRU: 55555554\n\tCall Trace:\n\t <TASK>\n\t blk_mq_free_tag_set+0x77/0x460\n\t do_rbd_add+0x1446/0x2b80\n\t ? __pfx_do_rbd_add+0x10/0x10\n\t ? lock_acquire+0x18c/0x300\n\t ? find_held_lock+0x2b/0x80\n\t ? sysfs_file_kobj+0xb6/0x1b0\n\t ? __pfx_sysfs_kf_write+0x10/0x10\n\t kernfs_fop_write_iter+0x2f4/0x4a0\n\t vfs_write+0x98e/0x1000\n\t ? expand_files+0x51f/0x850\n\t ? __pfx_vfs_write+0x10/0x10\n\t ksys_write+0xf2/0x1d0\n\t ? __pfx_ksys_write+0x10/0x10\n\t do_syscall_64+0x115/0x690\n\t entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\tRIP: 0033:0x7f0fbea15907\n\tCode: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24\n\tRSP: 002b:00007ffe22346ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n\tRAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f0fbea15907\n\tRDX: 0000000000000058 RSI: 0000563ace6c0ef0 RDI: 0000000000000001\n\tRBP: 0000563ace6c0ef0 R08: 0000563ace6c0ef0 R09: 6b6435726d694141\n\tR10: 5250337279762f78 R11: 0000000000000246 R12: 0000000000000058\n\tR13: 00007f0fbeb1c780 R14: ff1100000c480700 R15: ff1100000c480004\n\t </TASK>\n\nWith this fix applied, rerunning the reproducer over fail-nth=1..256\nyields no KASAN reports.\n\n[ idryomov: rename err_out_device_del -> err_out_device ]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/block/rbd.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"27c97abc30e2b9ad2288977c0ecbef4d50553f57","lessThan":"78bd0c143dea4b7a4c23c13356987ca0eafb442e","versionType":"git","status":"affected"},{"version":"27c97abc30e2b9ad2288977c0ecbef4d50553f57","lessThan":"2f4809a879f0750c7790bbeeae86c9505797a06f","versionType":"git","status":"affected"},{"version":"27c97abc30e2b9ad2288977c0ecbef4d50553f57","lessThan":"564cd8f4aeb9a938e470c5c91922fd02e4d41acc","versionType":"git","status":"affected"},{"version":"27c97abc30e2b9ad2288977c0ecbef4d50553f57","lessThan":"ad0126ffcba8777109852979eaaa6dca6703abdb","versionType":"git","status":"affected"},{"version":"27c97abc30e2b9ad2288977c0ecbef4d50553f57","lessThan":"059fb7656723c1b77c2fc0e64b7aa99d6bb65e8e","versionType":"git","status":"affected"},{"version":"27c97abc30e2b9ad2288977c0ecbef4d50553f57","lessThan":"d1fef92e414433ca7b89abf85cb0df42b8d475eb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/block/rbd.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/059fb7656723c1b77c2fc0e64b7aa99d6bb65e8e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2f4809a879f0750c7790bbeeae86c9505797a06f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/564cd8f4aeb9a938e470c5c91922fd02e4d41acc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78bd0c143dea4b7a4c23c13356987ca0eafb442e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad0126ffcba8777109852979eaaa6dca6703abdb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d1fef92e414433ca7b89abf85cb0df42b8d475eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46080","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.397","lastModified":"2026-06-24T17:20:25.177","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: split transactions in dio completion to avoid credit exhaustion\n\nDuring ocfs2 dio operations, JBD2 may report warnings via following\ncall trace:\nocfs2_dio_end_io_write\n ocfs2_mark_extent_written\n  ocfs2_change_extent_flag\n   ocfs2_split_extent\n    ocfs2_try_to_merge_extent\n     ocfs2_extend_rotate_transaction\n      ocfs2_extend_trans\n       jbd2__journal_restart\n        start_this_handle\n         output: JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449\n\nTo prevent exceeding the credits limit, modify ocfs2_dio_end_io_write() to\nhandle extents in a batch of transaction.\n\nAdditionally, relocate ocfs2_del_inode_from_orphan().  The orphan inode\nshould only be removed from the orphan list after the extent tree update\nis complete.  This ensures that if a crash occurs in the middle of extent\ntree updates, we won't leave stale blocks beyond EOF.\n\nThis patch also changes the logic for updating the inode size and removing\norphan, making it similar to ext4_dio_write_end_io().  Both operations are\nperformed only when everything looks good.\n\nFinally, thanks to Jans and Joseph for providing the bug fix prototype and\nsuggestions."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ocfs2/aops.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"97c03c0e9f73a5049794b3c69ee60fb5e8b0ebd8","versionType":"git","status":"affected"},{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"1e99bb19994246514d63e656492904176f9d5edd","versionType":"git","status":"affected"},{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"91e05ac2336d00d5b99fc774be4bd50039084796","versionType":"git","status":"affected"},{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"886f97fa59d0bbfa9859fb1a66dd9e014b522d89","versionType":"git","status":"affected"},{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"ea5bb1d20da756e4f41a48dad42b2e7d6e73f71e","versionType":"git","status":"affected"},{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"3c636a3edca9c3f180b3079f94fe7e115730d9c6","versionType":"git","status":"affected"},{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"069c3fb310e9336cf48cfdf8748a32c29fd0193d","versionType":"git","status":"affected"},{"version":"c15471f79506830f80eca0e7fe09b8213953ab5f","lessThan":"d647c5b2fbf81560818dacade360abc8c00a9665","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ocfs2/aops.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.6","status":"affected"},{"version":"0","lessThan":"4.6","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.10.258","matchCriteriaId":"F08826DB-DB76-43B9-BFA4-A6D435FCC364"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/069c3fb310e9336cf48cfdf8748a32c29fd0193d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e99bb19994246514d63e656492904176f9d5edd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c636a3edca9c3f180b3079f94fe7e115730d9c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/886f97fa59d0bbfa9859fb1a66dd9e014b522d89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91e05ac2336d00d5b99fc774be4bd50039084796","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/97c03c0e9f73a5049794b3c69ee60fb5e8b0ebd8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d647c5b2fbf81560818dacade360abc8c00a9665","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ea5bb1d20da756e4f41a48dad42b2e7d6e73f71e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46081","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.510","lastModified":"2026-06-24T17:20:20.110","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: acomp - fix wrong pointer stored by acomp_save_req()\n\nacomp_save_req() stores &req->chain in req->base.data. When\nacomp_reqchain_done() is invoked on asynchronous completion, it receives\n&req->chain as the data argument but casts it directly to struct\nacomp_req. Since data points to the chain member, all subsequent field\naccesses are at a wrong offset, resulting in memory corruption.\n\nThe issue occurs when an asynchronous hardware implementation, such as\nthe QAT driver, completes a request that uses the DMA virtual address\ninterface (e.g. acomp_request_set_src_dma()). This combination causes\ncrypto_acomp_compress() to enter the acomp_do_req_chain() path, which\nsets acomp_reqchain_done() as the completion callback via\nacomp_save_req().\n\nWith KASAN enabled, this manifests as a general protection fault in\nacomp_reqchain_done():\n\n  general protection fault, probably for non-canonical address 0xe000040000000000\n  KASAN: probably user-memory-access in range [0x0000400000000000-0x0000400000000007]\n  RIP: 0010:acomp_reqchain_done+0x15b/0x4e0\n  Call Trace:\n   <IRQ>\n   qat_comp_alg_callback+0x5d/0xa0 [intel_qat]\n   adf_ring_response_handler+0x376/0x8b0 [intel_qat]\n   adf_response_handler+0x60/0x170 [intel_qat]\n   tasklet_action_common+0x223/0x820\n   handle_softirqs+0x1ab/0x640\n   </IRQ>\n\nFix this by storing the request itself in req->base.data instead of\n&req->chain, so that acomp_reqchain_done() receives the correct pointer.\nSimplify acomp_restore_req() accordingly to access req->chain directly."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["crypto/acompress.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"64929fe8c0a43508eee952cf57903a61c52601e7","lessThan":"343a5bf68a8ff9affcf2b70677ea4cf40c195ee4","versionType":"git","status":"affected"},{"version":"64929fe8c0a43508eee952cf57903a61c52601e7","lessThan":"1a2785e5985627f2265ba7775949601a29ba0d1e","versionType":"git","status":"affected"},{"version":"64929fe8c0a43508eee952cf57903a61c52601e7","lessThan":"d7e20b9bd6c990773cf0c09e2642250b8a70263d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["crypto/acompress.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.27","matchCriteriaId":"24BD5AA7-843C-41A3-8471-F53AD6DB7C6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a2785e5985627f2265ba7775949601a29ba0d1e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/343a5bf68a8ff9affcf2b70677ea4cf40c195ee4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7e20b9bd6c990773cf0c09e2642250b8a70263d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46082","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.617","lastModified":"2026-06-24T17:20:12.000","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0\n\nINVLPGA should cause a #UD when EFER.SVME is not set. Add a check to\nproperly inject #UD when EFER.SVME=0.\n\n[sean: tag for stable@]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ff092385e8285c03d8b148f42f46f98c5f4becd5","lessThan":"ebb63390142c6458fc37758e0892759989cc159f","versionType":"git","status":"affected"},{"version":"ff092385e8285c03d8b148f42f46f98c5f4becd5","lessThan":"491139c17f8ad5773303068411f6ac5eed438b51","versionType":"git","status":"affected"},{"version":"ff092385e8285c03d8b148f42f46f98c5f4becd5","lessThan":"3ac9d4241d205f5d0df06358349ca718ebb0fa12","versionType":"git","status":"affected"},{"version":"ff092385e8285c03d8b148f42f46f98c5f4becd5","lessThan":"643125b66ffc1147c66616b749475ba9efb15971","versionType":"git","status":"affected"},{"version":"ff092385e8285c03d8b148f42f46f98c5f4becd5","lessThan":"c15392ed9e49c1a16b4d3a3ccf1b3bf2318a6c28","versionType":"git","status":"affected"},{"version":"ff092385e8285c03d8b148f42f46f98c5f4becd5","lessThan":"ee24928ecd85db4b68ed111e91fef36af0ca37b0","versionType":"git","status":"affected"},{"version":"ff092385e8285c03d8b148f42f46f98c5f4becd5","lessThan":"d99df02ff427f461102230f9c5b90a6c64ee8e23","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/svm/svm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.32","status":"affected"},{"version":"0","lessThan":"2.6.32","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32","versionEndExcluding":"5.15.209","matchCriteriaId":"5EFBFF38-7FBE-4424-B680-30EADAF4306B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3ac9d4241d205f5d0df06358349ca718ebb0fa12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/491139c17f8ad5773303068411f6ac5eed438b51","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/643125b66ffc1147c66616b749475ba9efb15971","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c15392ed9e49c1a16b4d3a3ccf1b3bf2318a6c28","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d99df02ff427f461102230f9c5b90a6c64ee8e23","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ebb63390142c6458fc37758e0892759989cc159f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee24928ecd85db4b68ed111e91fef36af0ca37b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46083","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.723","lastModified":"2026-06-24T17:20:06.667","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix resource leaks on device setup failure\n\nMake sure to call controller cleanup() if spi_setup() fails while\nregistering a device to avoid leaking any resources allocated by\nsetup()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/spi/spi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c7299fea67696db5bd09d924d1f1080d894f92ef","lessThan":"e0401de43dac00f3e4841ca2aeb98bc10a4c5f13","versionType":"git","status":"affected"},{"version":"c7299fea67696db5bd09d924d1f1080d894f92ef","lessThan":"a2c817c629430fbbd54273525b472dac96e2c8fd","versionType":"git","status":"affected"},{"version":"c7299fea67696db5bd09d924d1f1080d894f92ef","lessThan":"1e774294b2f944f59e03a04eb438768a4b93c3ce","versionType":"git","status":"affected"},{"version":"c7299fea67696db5bd09d924d1f1080d894f92ef","lessThan":"11baa8b24bcb07ae2048f2566a220021d766abe0","versionType":"git","status":"affected"},{"version":"c7299fea67696db5bd09d924d1f1080d894f92ef","lessThan":"dbcead54b12468d9aa54c0e1f0042d838ec3b0ae","versionType":"git","status":"affected"},{"version":"c7299fea67696db5bd09d924d1f1080d894f92ef","lessThan":"db357034f7e0cf23f233f414a8508312dfe8fbbe","versionType":"git","status":"affected"},{"version":"3e7c190475d98099231ee8ae486d31b1e2e7535a","versionType":"git","status":"affected"},{"version":"4b8b7bc3a726268e5c15d9bafe27863a85fdfc8e","versionType":"git","status":"affected"},{"version":"e92ac9263b06c39f05526ad15c90d228cdab60fd","versionType":"git","status":"affected"},{"version":"5.4.126","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.10.44","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.12.11","lessThan":"5.13","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/spi/spi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.126","versionEndExcluding":"5.5","matchCriteriaId":"D9588D9E-C830-4F10-AFA4-090FC0A6FAED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.44","versionEndExcluding":"5.11","matchCriteriaId":"7FCAB1F4-968B-4150-BCFC-2116FE69B9FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12.11","versionEndExcluding":"5.13","matchCriteriaId":"7D00B286-6BE8-4461-8378-DDD0A1E13953"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13.1","versionEndExcluding":"6.1.176","matchCriteriaId":"B271CD2A-9A06-47F1-A3FE-B8ADAC8315F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:*","matchCriteriaId":"8F0E7012-0BA3-4E6A-ADE9-57973CBDEE28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*","matchCriteriaId":"1ECD33F5-85BE-430B-8F86-8D7BD560311D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*","matchCriteriaId":"CF351855-2437-4CF5-AD7C-BDFA51F27683"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*","matchCriteriaId":"25A855BA-2118-44F2-90EF-EBBB12AF51EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:rc7:*:*:*:*:*:*","matchCriteriaId":"F63101C7-E7A3-4C74-9CD5-B5FC5F53F5C8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11baa8b24bcb07ae2048f2566a220021d766abe0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e774294b2f944f59e03a04eb438768a4b93c3ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2c817c629430fbbd54273525b472dac96e2c8fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db357034f7e0cf23f233f414a8508312dfe8fbbe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbcead54b12468d9aa54c0e1f0042d838ec3b0ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e0401de43dac00f3e4841ca2aeb98bc10a4c5f13","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46084","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.833","lastModified":"2026-06-24T17:12:13.517","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: Disable RX steering on RSS QP destroy\n\nWhen an RSS QP is destroyed (e.g. DPDK exit), mana_ib_destroy_qp_rss()\ndestroys the RX WQ objects but does not disable vPort RX steering in\nfirmware. This leaves stale steering configuration that still points to\nthe destroyed RX objects.\n\nIf traffic continues to arrive (e.g. peer VM is still transmitting) and\nthe VF interface is subsequently brought up (mana_open), the firmware\nmay deliver completions using stale CQ IDs from the old RX objects.\nThese CQ IDs can be reused by the ethernet driver for new TX CQs,\ncausing RX completions to land on TX CQs:\n\n  WARNING: mana_poll_tx_cq+0x1b8/0x220 [mana]  (is_sq == false)\n  WARNING: mana_gd_process_eq_events+0x209/0x290 (cq_table lookup fails)\n\nFix this by disabling vPort RX steering before destroying RX WQ objects.\nNote that mana_fence_rqs() cannot be used here because the fence\ncompletion is delivered on the CQ, which is polled by user-mode (e.g.\nDPDK) and not visible to the kernel driver.\n\nRefactor the disable logic into a shared mana_disable_vport_rx() in\nmana_en, exported for use by mana_ib, replacing the duplicate code.\nThe ethernet driver's mana_dealloc_queues() is also updated to call\nthis common function."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/mana/qp.c","drivers/net/ethernet/microsoft/mana/mana_en.c","include/net/mana/mana.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0266a177631d4c6b963b5b12dd986a8c5abdbf06","lessThan":"6a2d6273b6c3581ce7b90ce17b5cbb4efd19438f","versionType":"git","status":"affected"},{"version":"0266a177631d4c6b963b5b12dd986a8c5abdbf06","lessThan":"f1ccc4d500a0b87a5599343fc2f798048836e184","versionType":"git","status":"affected"},{"version":"0266a177631d4c6b963b5b12dd986a8c5abdbf06","lessThan":"8ba804869382ce307f2a15f5f6f2adfd791f41dc","versionType":"git","status":"affected"},{"version":"0266a177631d4c6b963b5b12dd986a8c5abdbf06","lessThan":"3be5ed233de03b00ae868cfc06e95331d8d9007c","versionType":"git","status":"affected"},{"version":"0266a177631d4c6b963b5b12dd986a8c5abdbf06","lessThan":"dbeb256e8dd87233d891b170c0b32a6466467036","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/mana/qp.c","drivers/net/ethernet/microsoft/mana/mana_en.c","include/net/mana/mana.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3be5ed233de03b00ae868cfc06e95331d8d9007c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6a2d6273b6c3581ce7b90ce17b5cbb4efd19438f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8ba804869382ce307f2a15f5f6f2adfd791f41dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbeb256e8dd87233d891b170c0b32a6466467036","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1ccc4d500a0b87a5599343fc2f798048836e184","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46085","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:29.963","lastModified":"2026-06-24T17:12:04.360","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix rxkad crypto unalignment handling\n\nFix handling of a packet with a misaligned crypto length.  Also handle\nnon-ENOMEM errors from decryption by aborting.  Further, remove the\nWARN_ON_ONCE() so that it can't be remotely triggered (a trace line can\nstill be emitted)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/trace/events/rxrpc.h","net/rxrpc/rxkad.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9853917f9edf08efb0b55c26d9eb8340f126d9e9","lessThan":"f1c6bd0cc786a8fa74829ce3c4b3673944a308f4","versionType":"git","status":"affected"},{"version":"e9c369d58785044427450350ad32d6a2497fb379","lessThan":"440d20d95e844b657a93a0b2dcc2aae155efdce6","versionType":"git","status":"affected"},{"version":"bf4d6e4a6856eedeb7f66eb91224115bfff4e2cb","lessThan":"f0d3efd03b2a9e0f1ffa6df8fcb264af3d494286","versionType":"git","status":"affected"},{"version":"f93af41b9f5f798823d0d0fb8765c2a936d76270","lessThan":"af9271eb666d07b6f65612dc160a47f7cb5220ed","versionType":"git","status":"affected"},{"version":"f93af41b9f5f798823d0d0fb8765c2a936d76270","lessThan":"def304aae2edf321d2671fd6ca766a93c21f877e","versionType":"git","status":"affected"},{"version":"5cdf57eda01a1ffaeb61ac39ec4dcc94a690431e","versionType":"git","status":"affected"},{"version":"6.6.135","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.12.82","lessThan":"6.12.86","versionType":"semver","status":"affected"},{"version":"6.18.23","lessThan":"6.18.27","versionType":"semver","status":"affected"},{"version":"6.19.13","lessThan":"6.20","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/trace/events/rxrpc.h","net/rxrpc/rxkad.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.135","versionEndExcluding":"6.6.140","matchCriteriaId":"F82DE71B-FB91-4C69-8C44-FFC0D5046E64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.82","versionEndExcluding":"6.12.86","matchCriteriaId":"218864FC-6C1F-4C79-A5A7-5A4ABEFE6E78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.23","versionEndExcluding":"6.18.27","matchCriteriaId":"1B31E06F-ED60-4A3F-AEBB-5D429621E5BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.13","versionEndExcluding":"7.0","matchCriteriaId":"45C6601E-9606-496B-93CA-3A0EFCF5190E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.0.4","matchCriteriaId":"5D1B2C32-8791-4623-B492-D610205CFC42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:*","matchCriteriaId":"EF897730-3F1E-47A2-8B07-22535202C487"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/440d20d95e844b657a93a0b2dcc2aae155efdce6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af9271eb666d07b6f65612dc160a47f7cb5220ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/def304aae2edf321d2671fd6ca766a93c21f877e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0d3efd03b2a9e0f1ffa6df8fcb264af3d494286","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1c6bd0cc786a8fa74829ce3c4b3673944a308f4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46086","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.080","lastModified":"2026-06-24T17:08:46.907","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: use a stable FDB dst snapshot in RCU readers\n\nLocal FDB entries can be rewritten in place by `fdb_delete_local()`, which\nupdates `f->dst` to another port or to `NULL` while keeping the entry\nalive. Several bridge RCU readers inspect `f->dst`, including\n`br_fdb_fillbuf()` through the `brforward_read()` sysfs path.\n\nThese readers currently load `f->dst` multiple times and can therefore\nobserve inconsistent values across the check and later dereference.\nIn `br_fdb_fillbuf()`, this means a concurrent local-FDB update can change\n`f->dst` after the NULL check and before the `port_no` dereference,\nleading to a NULL-ptr-deref.\n\nFix this by taking a single `READ_ONCE()` snapshot of `f->dst` in each\naffected RCU reader and using that snapshot for the rest of the access\nsequence. Also publish the in-place `f->dst` updates in `fdb_delete_local()`\nwith `WRITE_ONCE()` so the readers and writer use matching access patterns."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bridge/br_arp_nd_proxy.c","net/bridge/br_fdb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"c502fa9f094cb03d1d1685c71e2105ab359bc2b8","versionType":"git","status":"affected"},{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"a6ae4511c07b91f597e461406c6330f0d4ff810e","versionType":"git","status":"affected"},{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"1406c4e0ed1eaf8a29801ab1163d00fb7ee4359a","versionType":"git","status":"affected"},{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"0b9e4bbfb7c949151e3acd44ed4aa33614d2e110","versionType":"git","status":"affected"},{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"81af4137a30c4c2dc694dea8cacb180bd66000ef","versionType":"git","status":"affected"},{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"5424e678f9b304e148cf5dcc047cffc7a56a3bb5","versionType":"git","status":"affected"},{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"9a2d9d4e657b23dc21f24cf139e3aeff0b61341f","versionType":"git","status":"affected"},{"version":"960b589f86c74ce582922fcb996103271081f4de","lessThan":"df4601653201de21b487c3e7fffd464790cab808","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bridge/br_arp_nd_proxy.c","net/bridge/br_fdb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.14","status":"affected"},{"version":"0","lessThan":"3.14","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.1","versionEndExcluding":"5.10.259","matchCriteriaId":"381832F6-7D7D-4333-9276-B44B01372277"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:*","matchCriteriaId":"851B1505-0318-49F4-8D7C-196BE04FF173"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*","matchCriteriaId":"1795E18E-AE30-4230-809F-E40317FB96BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*","matchCriteriaId":"0F91AF02-7C23-4888-A580-07C166BE8128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*","matchCriteriaId":"61A7DB5C-EB54-4D4A-AB38-8060F13C8779"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*","matchCriteriaId":"4FF2C86B-7087-4EFC-A256-3AF313C25325"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*","matchCriteriaId":"14AC6A73-D01C-44F4-9821-BAE9600E72D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*","matchCriteriaId":"055557BE-1FE9-45F5-8A95-F8D3C9B031E4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b9e4bbfb7c949151e3acd44ed4aa33614d2e110","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1406c4e0ed1eaf8a29801ab1163d00fb7ee4359a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5424e678f9b304e148cf5dcc047cffc7a56a3bb5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81af4137a30c4c2dc694dea8cacb180bd66000ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a2d9d4e657b23dc21f24cf139e3aeff0b61341f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6ae4511c07b91f597e461406c6330f0d4ff810e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c502fa9f094cb03d1d1685c71e2105ab359bc2b8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/df4601653201de21b487c3e7fffd464790cab808","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46087","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.203","lastModified":"2026-06-25T21:09:24.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start()\n\nDestroy the DAMON context and reset the global pointer when damon_start()\nfails.  Otherwise, the context allocated by damon_stat_build_ctx() is\nleaked, and the stale damon_stat_context pointer will be overwritten on\nthe next enable attempt, making the old allocation permanently\nunreachable."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/damon/stat.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"369c415e60732b7c8ed33368891581246f580d7a","lessThan":"8a62c58411cbd748d7aeab0e5b0963e33ff47a7a","versionType":"git","status":"affected"},{"version":"369c415e60732b7c8ed33368891581246f580d7a","lessThan":"50bc1d7e0f3bb6932c8dc5da0907eead0790176b","versionType":"git","status":"affected"},{"version":"369c415e60732b7c8ed33368891581246f580d7a","lessThan":"e04ed278d25bf15769800bf6e35c6737f137186f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/damon/stat.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.27","matchCriteriaId":"210B8806-2626-4386-99C1-68429968DE90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/50bc1d7e0f3bb6932c8dc5da0907eead0790176b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8a62c58411cbd748d7aeab0e5b0963e33ff47a7a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e04ed278d25bf15769800bf6e35c6737f137186f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46088","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.333","lastModified":"2026-06-25T21:15:11.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()\n\nsnd_ctl_elem_init_enum_names() advances pointer p through the names\nbuffer while decrementing buf_len. If buf_len reaches zero but items\nremain, the next iteration calls strnlen(p, 0).\n\nWhile strnlen(p, 0) returns 0 and would hit the existing name_len == 0\nerror path, CONFIG_FORTIFY_SOURCE's fortified strnlen() first checks\nmaxlen against __builtin_dynamic_object_size(). When Clang loses track\nof p's object size inside the loop, this triggers a BRK exception panic\nbefore the return value is examined.\n\nAdd a buf_len == 0 guard at the loop entry to prevent calling fortified\nstrnlen() on an exhausted buffer.\n\nFound by kernel fuzz testing through Xiaomi Smartphone."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["sound/core/control.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"708f6ec9bcdf58bfd561409110baaf4fd3be4ea3","versionType":"git","status":"affected"},{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"bfcbb4994da9e979c4bcfcf24aaaac69e457e48e","versionType":"git","status":"affected"},{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"a470f7cabc4df72d9bd132f5719a8717292bb440","versionType":"git","status":"affected"},{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0","versionType":"git","status":"affected"},{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9e","versionType":"git","status":"affected"},{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"654c818a69c21d2bea4e8fd9eae7da865df9a5c8","versionType":"git","status":"affected"},{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"82012fd3e78a14360fbc2f1a7491589896704f97","versionType":"git","status":"affected"},{"version":"8d448162bda5ae3b5ecb26fe50c8fbbeae99faa4","lessThan":"e0da8a8cac74f4b9f577979d131f0d2b88a84487","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["sound/core/control.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.10.258","matchCriteriaId":"6297D9F9-EB7C-456A-A816-A1326116C005"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1fbe46d2b72754d8bd580e13e59ccb5d3d0e8cb0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/654c818a69c21d2bea4e8fd9eae7da865df9a5c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/708f6ec9bcdf58bfd561409110baaf4fd3be4ea3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82012fd3e78a14360fbc2f1a7491589896704f97","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8ba0214c3dd32b8ec652947e3f2bc5b8f6e6be9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a470f7cabc4df72d9bd132f5719a8717292bb440","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfcbb4994da9e979c4bcfcf24aaaac69e457e48e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e0da8a8cac74f4b9f577979d131f0d2b88a84487","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46089","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.443","lastModified":"2026-06-25T21:15:15.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nzram: do not forget to endio for partial discard requests\n\nAs reported by Qu Wenruo and Avinesh Kumar, the following\n\n getconf PAGESIZE\n 65536\n blkdiscard -p 4k /dev/zram0\n\ntakes literally forever to complete.  zram doesn't support partial\ndiscards and just returns immediately w/o doing any discard work in such\ncases.  The problem is that we forget to endio on our way out, so\nblkdiscard sleeps forever in submit_bio_wait().  Fix this by jumping to\nend_bio label, which does bio_endio()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/block/zram/zram_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0120dd6e4e202e19a0e011e486fb2da40a5ea279","lessThan":"2d1f18efccdb8b29552399d024c36b705447e975","versionType":"git","status":"affected"},{"version":"0120dd6e4e202e19a0e011e486fb2da40a5ea279","lessThan":"35d3300f6357cfaa72db2721dc2b345b19bac5df","versionType":"git","status":"affected"},{"version":"0120dd6e4e202e19a0e011e486fb2da40a5ea279","lessThan":"a02363f71a79b755daa78a70d6b217f9c13c8c85","versionType":"git","status":"affected"},{"version":"0120dd6e4e202e19a0e011e486fb2da40a5ea279","lessThan":"68ce397e8236088fc53b9532d383a722288c8194","versionType":"git","status":"affected"},{"version":"0120dd6e4e202e19a0e011e486fb2da40a5ea279","lessThan":"e3668b371329ea036ff022ce8ecc82f8befcf003","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/block/zram/zram_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.140","matchCriteriaId":"FA2B001B-CDB2-4EF3-8FCE-74CFF813CACD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2d1f18efccdb8b29552399d024c36b705447e975","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/35d3300f6357cfaa72db2721dc2b345b19bac5df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68ce397e8236088fc53b9532d383a722288c8194","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a02363f71a79b755daa78a70d6b217f9c13c8c85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3668b371329ea036ff022ce8ecc82f8befcf003","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46091","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.647","lastModified":"2026-06-25T21:15:45.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: igorplugusb: heed coherency rules\n\nIn a control request, the USB request structure\ncan be subject to DMA on some HCs. Hence it must obey\nthe rules for DMA coherency. Allocate it separately."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/rc/igorplugusb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"bc04b8633b375af6ac8a8bb615258b80fe06cdaa","versionType":"git","status":"affected"},{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"81f0fb813e4bf28b3ca28dc218938a32eb48f740","versionType":"git","status":"affected"},{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"0e84aa8fc23c7578f105e3a2160f9d0aa2bed79a","versionType":"git","status":"affected"},{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a","versionType":"git","status":"affected"},{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc","versionType":"git","status":"affected"},{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"0adac0ee2c42027d80bac02ea9b576a88f8955d3","versionType":"git","status":"affected"},{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"a62ca67e3c72fb297dc7c86495ba8f7329d7f150","versionType":"git","status":"affected"},{"version":"b1c97193c6437a6083da67f8e97c8ee29b2f1989","lessThan":"eac69475b01fe1e861dfe3960b57fa95671c132e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/rc/igorplugusb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.19","status":"affected"},{"version":"0","lessThan":"3.19","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19","versionEndExcluding":"5.10.259","matchCriteriaId":"B7671B6F-58A3-4C86-AD1F-9A93A153C5C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0adac0ee2c42027d80bac02ea9b576a88f8955d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0e84aa8fc23c7578f105e3a2160f9d0aa2bed79a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81f0fb813e4bf28b3ca28dc218938a32eb48f740","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a62ca67e3c72fb297dc7c86495ba8f7329d7f150","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc04b8633b375af6ac8a8bb615258b80fe06cdaa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eac69475b01fe1e861dfe3960b57fa95671c132e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46092","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.757","lastModified":"2026-06-25T21:15:55.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: check for PCI upstream bridge existence\n\npci_upstream_bridge() returns NULL if the device is on a root bus.  If\n8821CE is installed in the system with such a PCI topology, the probing\nroutine will crash.  This has probably been unnoticed as 8821CE is mostly\nsupplied in laptops where there is a PCI-to-PCI bridge located upstream\nfrom the device.  However the card might be installed on a system with\ndifferent configuration.\n\nCheck if the bridge does exist for the specific workaround to be applied.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace static\nanalysis tool."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/realtek/rtw88/pci.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"24f5e38a13b5ae2b6105cda8bb47c19108e62a9a","lessThan":"eb101d2abdcccb514ca4fccd3b278dd8267374f6","versionType":"git","status":"affected"},{"version":"617339466fda09916c4b4151fa5e6a9c1fdae353","versionType":"git","status":"affected"},{"version":"f21e8cb927fa9da49490b74ddda3856a828b82d6","versionType":"git","status":"affected"},{"version":"5.15.17","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"5.16.3","lessThan":"5.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/realtek/rtw88/pci.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.17","versionEndExcluding":"5.16","matchCriteriaId":"FE141E86-782B-4D36-B214-2FB7AC66A083"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.3","versionEndExcluding":"7.1","matchCriteriaId":"CAC20C0C-87B8-47F3-B448-0970CEFDDB6E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/eb101d2abdcccb514ca4fccd3b278dd8267374f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46093","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.860","lastModified":"2026-06-25T21:16:04.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: take vmap_purge_lock in shrinker\n\ndecay_va_pool_node() can be invoked concurrently from two paths:\n__purge_vmap_area_lazy() when pools are being purged, and the shrinker via\nvmap_node_shrink_scan().\n\nHowever, decay_va_pool_node() is not safe to run concurrently, and the\nshrinker path currently lacks serialization, leading to races and possible\nleaks.\n\nProtect decay_va_pool_node() by taking vmap_purge_lock in the shrinker\npath to ensure serialization with purge users."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7679ba6b36dbb300b757b672d6a32a606499e14b","lessThan":"687ccdf582169cd680aeaf24cc953807c4cd4345","versionType":"git","status":"affected"},{"version":"7679ba6b36dbb300b757b672d6a32a606499e14b","lessThan":"12f2341b4c235d5593a433abac201c1c6725787f","versionType":"git","status":"affected"},{"version":"7679ba6b36dbb300b757b672d6a32a606499e14b","lessThan":"ec05f51f1e65bce95528543eb73fda56fd201d94","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.18.27","matchCriteriaId":"474906DE-0215-49E1-B77B-B91C11FE152E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12f2341b4c235d5593a433abac201c1c6725787f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/687ccdf582169cd680aeaf24cc953807c4cd4345","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec05f51f1e65bce95528543eb73fda56fd201d94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46094","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.963","lastModified":"2026-06-25T21:16:11.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bounds check in check_xattrs() to prevent out-of-bounds access\n\nThe bounds check for the next xattr entry in check_xattrs() uses\n(void *)next >= end, which allows next to point within sizeof(u32)\nbytes of end. On the next loop iteration, IS_LAST_ENTRY() reads 4\nbytes via *(__u32 *)(entry), which can overrun the valid xattr region.\n\nFor example, if next lands at end - 1, the check passes since\nnext < end, but IS_LAST_ENTRY() reads 4 bytes starting at end - 1,\naccessing 3 bytes beyond the valid region.\n\nFix this by changing the check to (void *)next + sizeof(u32) > end,\nensuring there is always enough space for the IS_LAST_ENTRY() read\non the subsequent iteration."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ext4/xattr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3478c83cf26bbffd026ae6a56bcb1fe544f0834e","lessThan":"ab6da97bc310db35d4e4ef5354bc3ff626b0698c","versionType":"git","status":"affected"},{"version":"3478c83cf26bbffd026ae6a56bcb1fe544f0834e","lessThan":"5a5314d2387633a272a04d1bd8727f99058e4e68","versionType":"git","status":"affected"},{"version":"3478c83cf26bbffd026ae6a56bcb1fe544f0834e","lessThan":"537e065977022aa22f2c2503e8accaf16622e0fd","versionType":"git","status":"affected"},{"version":"3478c83cf26bbffd026ae6a56bcb1fe544f0834e","lessThan":"520986722dbf869c122252123fc161c7302eab7d","versionType":"git","status":"affected"},{"version":"3478c83cf26bbffd026ae6a56bcb1fe544f0834e","lessThan":"eceafc31ea7b42c984ece10d79d505c0bb6615d5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ext4/xattr.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.140","matchCriteriaId":"AE397E0D-B39E-43DA-B546-2C72385DF22F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/520986722dbf869c122252123fc161c7302eab7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/537e065977022aa22f2c2503e8accaf16622e0fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a5314d2387633a272a04d1bd8727f99058e4e68","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab6da97bc310db35d4e4ef5354bc3ff626b0698c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eceafc31ea7b42c984ece10d79d505c0bb6615d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46095","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:31.113","lastModified":"2026-06-25T21:17:03.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-llbitmap: raise barrier before state machine transition\n\nMove the barrier raise operation before calling llbitmap_state_machine()\nin both llbitmap_start_write() and llbitmap_start_discard(). This\nensures the barrier is in place before any state transitions occur,\npreventing potential race conditions where the state machine could\ncomplete before the barrier is properly raised."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/md-llbitmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5ab829f1971dc99f2aac10846c378e67fc875abc","lessThan":"9142f00a9287ca38152717e3e88a033a27774e7f","versionType":"git","status":"affected"},{"version":"5ab829f1971dc99f2aac10846c378e67fc875abc","lessThan":"9701d51dd378380ba05293fa391e8ba01065ae8d","versionType":"git","status":"affected"},{"version":"5ab829f1971dc99f2aac10846c378e67fc875abc","lessThan":"ef4ca3d4bf09716cff9ba00eb0351deadc8417ab","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/md-llbitmap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.27","matchCriteriaId":"1A10DA86-4154-4102-9D63-807CF10A4352"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9142f00a9287ca38152717e3e88a033a27774e7f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9701d51dd378380ba05293fa391e8ba01065ae8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef4ca3d4bf09716cff9ba00eb0351deadc8417ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46096","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:31.220","lastModified":"2026-06-25T21:17:06.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public()\n\ntpm2_read_public() calls tpm_buf_init() but fails to call\ntpm_buf_destroy() on two exit paths, leaking a page allocation:\n\n1. When name_size() returns an error (unrecognized hash algorithm),\n   the function returns directly without destroying the buffer.\n\n2. On the success path, the buffer is never destroyed before\n   returning.\n\nAll other error paths in the function correctly call\ntpm_buf_destroy() before returning.\n\nFix both by adding the missing tpm_buf_destroy() calls."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/char/tpm/tpm2-sessions.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"20eda7c74b69fe9e1caf9b930a5c016bf8d755fa","lessThan":"f8775d9d9062da662cc861f9ff7722a65896d4cd","versionType":"git","status":"affected"},{"version":"bda1cbf73c6e241267c286427f2ed52b5735d872","lessThan":"2f434be87e256fd58254f60ddf5d7d58e775ca0b","versionType":"git","status":"affected"},{"version":"bda1cbf73c6e241267c286427f2ed52b5735d872","lessThan":"f0f75a3d98b7959a8677b6363e23190f3018636b","versionType":"git","status":"affected"},{"version":"a3b7eb67225c486a2da357c5db3e386f4e64bcde","versionType":"git","status":"affected"},{"version":"6.18.3","lessThan":"6.18.27","versionType":"semver","status":"affected"},{"version":"6.12.64","lessThan":"6.13","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/char/tpm/tpm2-sessions.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.64","versionEndExcluding":"6.13","matchCriteriaId":"87DC3D61-429B-4C73-A249-C5E443A6FFE1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.3","versionEndExcluding":"6.18.27","matchCriteriaId":"93C4FAEA-8BA5-46B6-A5B5-4995751F206E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2f434be87e256fd58254f60ddf5d7d58e775ca0b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0f75a3d98b7959a8677b6363e23190f3018636b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8775d9d9062da662cc861f9ff7722a65896d4cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46097","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:31.333","lastModified":"2026-06-25T21:17:34.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nInput: edt-ft5x06 - fix use-after-free in debugfs teardown\n\nThe commit 68743c500c6e (\"Input: edt-ft5x06 - use per-client debugfs\ndirectory\") removed the manual debugfs teardown, relying on the I2C core\nto handle it. However, this creates a window where debugfs files are\nstill accessible after edt_ft5x06_ts_teardown_debugfs() frees\ntsdata->raw_buffer.\n\nTo prevent a use-after-free, protect the freeing of raw_buffer with the\ndevice mutex and set raw_buffer to NULL. The debugfs read function\nalready checks if raw_buffer is NULL under the same mutex, so this\nsafely avoids the use-after-free."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/input/touchscreen/edt-ft5x06.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"68743c500c6eafcd0b16dc6067fea5bca0795eef","lessThan":"a516d43886623e3cca5fa3446bed8fc7c7982be2","versionType":"git","status":"affected"},{"version":"68743c500c6eafcd0b16dc6067fea5bca0795eef","lessThan":"9f6c5e7b747d40e1c65cbfcb975857d25154c075","versionType":"git","status":"affected"},{"version":"68743c500c6eafcd0b16dc6067fea5bca0795eef","lessThan":"f5f9e07060519e2287e99019a6de1eb3ebb65c37","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/input/touchscreen/edt-ft5x06.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.27","matchCriteriaId":"210B8806-2626-4386-99C1-68429968DE90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9f6c5e7b747d40e1c65cbfcb975857d25154c075","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a516d43886623e3cca5fa3446bed8fc7c7982be2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5f9e07060519e2287e99019a6de1eb3ebb65c37","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46098","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:31.453","lastModified":"2026-06-25T21:17:48.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: caif: clear client service pointer on teardown\n\n`caif_connect()` can tear down an existing client after remote shutdown by\ncalling `caif_disconnect_client()` followed by `caif_free_client()`.\n`caif_free_client()` releases the service layer referenced by\n`adap_layer->dn`, but leaves that pointer stale.\n\nWhen the socket is later destroyed, `caif_sock_destructor()` calls\n`caif_free_client()` again and dereferences the freed service pointer.\n\nClear the client/service links before releasing the service object so\nrepeated teardown becomes harmless."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/caif/cfsrvl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"cffca7a18b8f9de7c3d3013a1f5740c412b2a501","versionType":"git","status":"affected"},{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"7ef97d4675b05a103648bd9244d91dff7d8c08b0","versionType":"git","status":"affected"},{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"e16859f3f4426fa349bc5519d582a93d28f5a15d","versionType":"git","status":"affected"},{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"914c6456fcfc21a3d553945dff62fd1621d6155d","versionType":"git","status":"affected"},{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"3ac6db584d9d420267bb8413115707eeec76d9cf","versionType":"git","status":"affected"},{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"63d21a3aa0108b9dde4e99b0d3d5d679ac68c0f9","versionType":"git","status":"affected"},{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"a4b191ddc12c55ddb62feb096536f819f384d6f1","versionType":"git","status":"affected"},{"version":"43e3692101086add8719c3b8b50b05c9ac5b14e1","lessThan":"f7cf8ece8cee3c1ee361991470cdb1eb65ab02e8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/caif/cfsrvl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.0","status":"affected"},{"version":"0","lessThan":"3.0","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.10.258","matchCriteriaId":"ADE9309F-1058-4BD7-8F94-3FE94CF5B8A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3ac6db584d9d420267bb8413115707eeec76d9cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/63d21a3aa0108b9dde4e99b0d3d5d679ac68c0f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ef97d4675b05a103648bd9244d91dff7d8c08b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/914c6456fcfc21a3d553945dff62fd1621d6155d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a4b191ddc12c55ddb62feb096536f819f384d6f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cffca7a18b8f9de7c3d3013a1f5740c412b2a501","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e16859f3f4426fa349bc5519d582a93d28f5a15d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f7cf8ece8cee3c1ee361991470cdb1eb65ab02e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46100","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:31.877","lastModified":"2026-06-25T21:18:03.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: afs: revert mmap_prepare() change\n\nPartially reverts commit 9d5403b1036c (\"fs: convert most other\ngeneric_file_*mmap() users to .mmap_prepare()\").\n\nThis is because the .mmap invocation establishes a refcount, but\n.mmap_prepare is called at a point where a merge or an allocation failure\nmight happen after the call, which would leak the refcount increment.\n\nFunctionality is being added to permit the use of .mmap_prepare in this\ncase, but in the interim, we need to fix this."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/afs/file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9d5403b1036cdcd4be0f9f5568612c0e60e73d79","lessThan":"f51f85c044809fbd39ac8ae07ac99bc43ce32bd5","versionType":"git","status":"affected"},{"version":"9d5403b1036cdcd4be0f9f5568612c0e60e73d79","lessThan":"48c7a0eaeea41da17d1d84d2d7a4c40be122b246","versionType":"git","status":"affected"},{"version":"9d5403b1036cdcd4be0f9f5568612c0e60e73d79","lessThan":"fbfc6578eaca12daa0c09df1e9ba7f2c657b49da","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/afs/file.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.27","matchCriteriaId":"210B8806-2626-4386-99C1-68429968DE90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/48c7a0eaeea41da17d1d84d2d7a4c40be122b246","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f51f85c044809fbd39ac8ae07ac99bc43ce32bd5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fbfc6578eaca12daa0c09df1e9ba7f2c657b49da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46101","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:32.147","lastModified":"2026-06-25T21:18:10.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: reject zero shift in nft_bitwise\n\nReject zero shift operands for nft_bitwise left and right shift\nexpressions during initialization.\n\nThe carry propagation logic computes the carry from the adjacent 32-bit\nword using BITS_PER_TYPE(u32) - shift. A zero shift operand turns this\ninto a 32-bit shift, which is undefined behaviour.\n\nReject zero shift operands in the control plane, alongside the existing\ncheck for values greater than or equal to 32, so malformed rules never\nreach the packet path."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nft_bitwise.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"9baa08d6b6b096fad70049533f0d705d85fdc979","versionType":"git","status":"affected"},{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"4fccea585631621c975883911a08d15b6671f7dc","versionType":"git","status":"affected"},{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"9ad26c272405f53834871cc2e46b9b5393a666c3","versionType":"git","status":"affected"},{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"bffef0acec9c3b837a785248a893137fb7f26c95","versionType":"git","status":"affected"},{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"ca24f1243ad1a4d12d6a23876bbbe3ed02099853","versionType":"git","status":"affected"},{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"6f820139d16a4c9865a145d4a9cf9c92cc632c14","versionType":"git","status":"affected"},{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"f370205974f171a5868c13ff30d7642fed46e47b","versionType":"git","status":"affected"},{"version":"567d746b55bc66d3800c9ae91d50f0c5deb2fd93","lessThan":"fe11e5c40817b84abaa5d83bfb6586d8412bfd07","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nft_bitwise.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.258","matchCriteriaId":"C8E25762-5928-4BB0-987A-F8EFFCD41A4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4fccea585631621c975883911a08d15b6671f7dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f820139d16a4c9865a145d4a9cf9c92cc632c14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ad26c272405f53834871cc2e46b9b5393a666c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9baa08d6b6b096fad70049533f0d705d85fdc979","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bffef0acec9c3b837a785248a893137fb7f26c95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca24f1243ad1a4d12d6a23876bbbe3ed02099853","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f370205974f171a5868c13ff30d7642fed46e47b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe11e5c40817b84abaa5d83bfb6586d8412bfd07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46102","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:32.323","lastModified":"2026-06-25T21:18:22.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: strparser: fix skb_head leak in strp_abort_strp()\n\nWhen the stream parser is aborted, for example after a message assembly timeout,\nit can still hold a reference to a partially assembled message in\nstrp->skb_head.\n\nThat skb is not released in strp_abort_strp(), which leaks the partially\nassembled message and can be triggered repeatedly to exhaust memory.\n\nFix this by freeing strp->skb_head and resetting the parser state in the\nabort path. Leave strp_stop() unchanged so final cleanup still happens in\nstrp_done() after the work and timer have been synchronized."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/strparser/strparser.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3","versionType":"git","status":"affected"},{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"a470ed71c906cc8cbad0d74c9942216698911f8b","versionType":"git","status":"affected"},{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"c2e57695ec9ff9d42f23de70f3805199153d007b","versionType":"git","status":"affected"},{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"e9ae00490d474757c0f9c65073de83e6bb1e5a00","versionType":"git","status":"affected"},{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"5327dad2ffe9c1b49881dd6d51ff3c6893847568","versionType":"git","status":"affected"},{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"19ca9475f18f991735f98a22e735c43e95e6298d","versionType":"git","status":"affected"},{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"56082f442023db9be1a5a29d4ee361de4017c0b7","versionType":"git","status":"affected"},{"version":"43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a","lessThan":"fe72340daaf1af588be88056faf98965f39e6032","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/strparser/strparser.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.10.258","matchCriteriaId":"C4A199C3-CD5F-4853-A2B5-C26E88E57A7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/19ca9475f18f991735f98a22e735c43e95e6298d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5327dad2ffe9c1b49881dd6d51ff3c6893847568","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/56082f442023db9be1a5a29d4ee361de4017c0b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a470ed71c906cc8cbad0d74c9942216698911f8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2e57695ec9ff9d42f23de70f3805199153d007b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9ae00490d474757c0f9c65073de83e6bb1e5a00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe72340daaf1af588be88056faf98965f39e6032","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46103","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:32.457","lastModified":"2026-06-25T21:18:31.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix devres lifetime\n\nUSB drivers bind to USB interfaces and any device managed resources\nshould have their lifetime tied to the interface rather than parent USB\ndevice. This avoids issues like memory leaks when drivers are unbound\nwithout their devices being physically disconnected (e.g. on probe\ndeferral or configuration changes).\n\nFix the control message buffer lifetime so that it is released on driver\nunbind."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/can/usb/ucan.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"a90f0815aaa9c629ac4750e7c71c357dd7f231d7","versionType":"git","status":"affected"},{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"cb2e41e87a2893345859440017e7178bf7a4c70d","versionType":"git","status":"affected"},{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"3df5b9110ac08f67ccfe382fc172bfee95688eec","versionType":"git","status":"affected"},{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"4b7d07747400cfd7eff1ba7b8b5a7c8d5a58f705","versionType":"git","status":"affected"},{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"10b7b676b78a7bd888d19729b459aad7fc1f428b","versionType":"git","status":"affected"},{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"c524c124e3094d2de12235a513854c03d06a2b58","versionType":"git","status":"affected"},{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"c0d3ccc6929e4509076df8f30a4fb1dc5018b0ae","versionType":"git","status":"affected"},{"version":"9f2d3eae88d26c29d96e42983b755940d9169cd9","lessThan":"fed4626501c871890da287bec62a96e52da1af89","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/can/usb/ucan.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.259","matchCriteriaId":"371269AD-0F41-4AA3-A04C-8560F4185F8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/10b7b676b78a7bd888d19729b459aad7fc1f428b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3df5b9110ac08f67ccfe382fc172bfee95688eec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4b7d07747400cfd7eff1ba7b8b5a7c8d5a58f705","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a90f0815aaa9c629ac4750e7c71c357dd7f231d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0d3ccc6929e4509076df8f30a4fb1dc5018b0ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c524c124e3094d2de12235a513854c03d06a2b58","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb2e41e87a2893345859440017e7178bf7a4c70d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fed4626501c871890da287bec62a96e52da1af89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-9704","sourceIdentifier":"secalert@redhat.com","published":"2026-05-27T14:17:40.480","lastModified":"2026-06-26T08:16:26.650","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-27T15:29:17.278859Z","id":"CVE-2026-9704","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9704","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481877","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9791","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:39.977","lastModified":"2026-06-26T08:16:26.910","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-28T12:18:58.165713Z","id":"CVE-2026-9791","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9791","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482458","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9792","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:40.537","lastModified":"2026-06-26T08:16:27.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T18:32:16.047044Z","id":"CVE-2026-9792","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9792","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482459","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9794","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T05:16:40.847","lastModified":"2026-06-26T08:16:27.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-28T13:00:49.126374Z","id":"CVE-2026-9794","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9794","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482461","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9801","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T06:16:29.493","lastModified":"2026-06-26T08:16:34.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-30T01:53:56.832854Z","id":"CVE-2026-9801","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9801","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482473","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9802","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T06:16:29.620","lastModified":"2026-06-26T08:16:35.027","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been revoked. Successful exploitation grants the attacker unauthorized access to the victim's account, potentially leading to information disclosure or privilege escalation."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-28T13:00:17.958549Z","id":"CVE-2026-9802","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9802","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482467","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9803","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T06:16:29.750","lastModified":"2026-06-26T08:16:35.157","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-28T13:09:44.442993Z","id":"CVE-2026-9803","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9803","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482465","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44604","sourceIdentifier":"secalert@redhat.com","published":"2026-05-28T08:16:35.280","lastModified":"2026-06-23T20:16:47.473","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rpm-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"6.0.1-6.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Pen Drive Powered by Red Hat Lightspeed","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pen-drive/pen-drive-scanner-rhel9","cpes":["cpe:/a:redhat:pdrive_lightspeed:0"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus Native builder","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rpm","cpes":["cpe:/a:redhat:quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rpm","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust-bootupd","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rpm","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rpm","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rpm","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rpm","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust-bootupd","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-insights-engine-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-puptoo-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-yuptoo-rhel9","cpes":["cpe:/a:redhat:satellite:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-28T12:15:12.073020Z","id":"CVE-2026-44604","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:28491","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44604","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460967","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-46104","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:25.757","lastModified":"2026-06-25T21:18:37.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: use sk blob accessor in socket permission helpers\n\nSELinux socket state lives in the composite LSM socket blob.\n\nsock_has_perm() and nlmsg_sock_has_extended_perms() currently\ndereference sk->sk_security directly, which assumes the SELinux socket\nblob is at offset zero.\n\nIn stacked configurations that assumption does not hold. If another LSM\nallocates socket blob storage before SELinux, these helpers may read the\nwrong blob and feed invalid SID and class values into AVC checks.\n\nUse selinux_sock() instead of accessing sk->sk_security directly."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/selinux/hooks.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d1d991efaf34606d500dcbd28bedc0666eeec8e2","lessThan":"d350fef4bc2467fe1bce15f7a20fe60e01ce41ad","versionType":"git","status":"affected"},{"version":"d1d991efaf34606d500dcbd28bedc0666eeec8e2","lessThan":"7eca71f57f194c1638ebb7f4097d6be8fd04c101","versionType":"git","status":"affected"},{"version":"d1d991efaf34606d500dcbd28bedc0666eeec8e2","lessThan":"032e70aff025d7c519af9ab791cd084380619263","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/selinux/hooks.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/032e70aff025d7c519af9ab791cd084380619263","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7eca71f57f194c1638ebb7f4097d6be8fd04c101","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d350fef4bc2467fe1bce15f7a20fe60e01ce41ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46105","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:25.850","lastModified":"2026-06-25T21:18:44.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Limit NVMe request size to 2 MiB\n\nThe HBA firmware reports NVMe MDTS values based on the underlying drive\ncapability. However, because the driver allocates a fixed 4K buffer for\nthe PRP list, accommodating at most 512 entries, the driver supports a\nmaximum I/O transfer size of 2 MiB.\n\nLimit max_hw_sectors to the smaller of the reported MDTS and the 2 MiB\ndriver limit to prevent issuing oversized I/O that may lead to a kernel\noops."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/scsi/mpt3sas/mpt3sas_scsih.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9b8b84879d4adc506b0d3944e20b28d9f3f6994b","lessThan":"45dcc815fc5539e88154315f36cbcb11d3a52fc2","versionType":"git","status":"affected"},{"version":"9b8b84879d4adc506b0d3944e20b28d9f3f6994b","lessThan":"e5f9824817c6358b9f9738bdb92dec9e4e794d3c","versionType":"git","status":"affected"},{"version":"9b8b84879d4adc506b0d3944e20b28d9f3f6994b","lessThan":"04631f55afc543d5431a2bdee7f6cc0f2c0debe7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/scsi/mpt3sas/mpt3sas_scsih.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.30","matchCriteriaId":"0382719F-0247-436A-881F-C7382FD213E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/04631f55afc543d5431a2bdee7f6cc0f2c0debe7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45dcc815fc5539e88154315f36cbcb11d3a52fc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e5f9824817c6358b9f9738bdb92dec9e4e794d3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46106","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:25.950","lastModified":"2026-06-25T21:18:59.773","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Hold eventfs_mutex and SRCU when remount walks events\n\nCommit 340f0c7067a9 (\"eventfs: Update all the eventfs_inodes from the\nevents descriptor\") had eventfs_set_attrs() recurse through ei->children\non remount.  The walk only holds the rcu_read_lock() taken by\ntracefs_apply_options() over tracefs_inodes, which is wrong:\n\n  - list_for_each_entry over ei->children races with the list_del_rcu()\n    in eventfs_remove_rec() -- LIST_POISON1 deref, same shape as\n    d2603279c7d6.\n  - eventfs_inodes are freed via call_srcu(&eventfs_srcu, ...).\n    rcu_read_lock() does not extend an SRCU grace period, so ti->private\n    can be reclaimed under the walk.\n  - The writes to ei->attr race with eventfs_set_attr(), which holds\n    eventfs_mutex.\n\nReproducer:\n\n  while :; do mount -o remount,uid=$((RANDOM%1000)) /sys/kernel/tracing; done &\n  while :; do\n      echo \"p:kp submit_bio\" > /sys/kernel/tracing/kprobe_events\n      echo > /sys/kernel/tracing/kprobe_events\n  done\n\nWrap the events portion of tracefs_apply_options() in\neventfs_remount_lock()/_unlock() that take eventfs_mutex and\nsrcu_read_lock(&eventfs_srcu).  eventfs_set_attrs() doesn't sleep so the\nnested rcu_read_lock() is fine; lockdep_assert_held() pins the contract.\n\nComment in tracefs_drop_inode() said \"RCU cycle\" -- it is SRCU."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/tracefs/event_inode.c","fs/tracefs/inode.c","fs/tracefs/internal.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7ec535ed8724d18ae4e714d2277a5b89450659d2","lessThan":"ae9cd0b46b1890040006a2fc5e905c5d6053fd02","versionType":"git","status":"affected"},{"version":"340f0c7067a95281ad13734f8225f49c6cf52067","lessThan":"44e64d8a432837308f4dda3ffe819f1ec092a0ba","versionType":"git","status":"affected"},{"version":"340f0c7067a95281ad13734f8225f49c6cf52067","lessThan":"52b109f1b875b912d4ab2c5fdd8c322d47119d9b","versionType":"git","status":"affected"},{"version":"340f0c7067a95281ad13734f8225f49c6cf52067","lessThan":"ed2ad73bcb0a7a6cc934097d4853b6d5124c317e","versionType":"git","status":"affected"},{"version":"340f0c7067a95281ad13734f8225f49c6cf52067","lessThan":"07004a8c4b572171934390148ee48c4175c77eed","versionType":"git","status":"affected"},{"version":"99b86d85f7c73d676c50e8c35748f94dd41389da","versionType":"git","status":"affected"},{"version":"6.6.35","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.9.6","lessThan":"6.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/tracefs/event_inode.c","fs/tracefs/inode.c","fs/tracefs/internal.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.35","versionEndExcluding":"6.6.140","matchCriteriaId":"B0173BEF-84A2-4374-8237-47E948C1D986"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.6","versionEndExcluding":"6.12.88","matchCriteriaId":"C08EF979-9FB8-4108-83C6-C519594C5222"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/07004a8c4b572171934390148ee48c4175c77eed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/44e64d8a432837308f4dda3ffe819f1ec092a0ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/52b109f1b875b912d4ab2c5fdd8c322d47119d9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae9cd0b46b1890040006a2fc5e905c5d6053fd02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed2ad73bcb0a7a6cc934097d4853b6d5124c317e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46107","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.063","lastModified":"2026-06-25T21:19:11.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm-thin: fix metadata refcount underflow\n\nThere's a bug in dm-thin in the function rebalance_children. If the\ninternal btree node has one entry, the code tries to copy all btree\nentries from the node's child to the node itself and then decrement the\nchild's reference count.\n\nIf the child node is shared (it has reference count > 1), we won't free\nit, so there would be two pointers to each of the grandchildren nodes.\nBut the reference counts of the grandchildren is not increased, thus the\nreference count doesn't match the number of pointers that point to the\ngrandchildren. This results in \"device mapper: space map common: unable\nto decrement block\" errors.\n\nFix this bug by incrementing reference counts on the grandchildren if the\nbtree node is shared."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/persistent-data/dm-btree-remove.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"b719d12cb94df345e9ad2715fd0abe9afcaeb111","versionType":"git","status":"affected"},{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"f49b41c9eb7c6ff00df27cd49cea210abbadd8ad","versionType":"git","status":"affected"},{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"f06f6aededd792a754cd677c02b3d3016d868c2c","versionType":"git","status":"affected"},{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"12161e03d33afce781f68fa11cc6060538862fad","versionType":"git","status":"affected"},{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"323d252a4a378834e4fe68298ca61cfc5dd3a460","versionType":"git","status":"affected"},{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"85311a585a26640760cd0f3349ab9f2905691044","versionType":"git","status":"affected"},{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"5ec0debbcfd43596e32c1239e993de06a704e04c","versionType":"git","status":"affected"},{"version":"3241b1d3e0aaafbfcd320f4d71ade629728cc4f4","lessThan":"09a65adc7d8bbfce06392cb6d375468e2728ead5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/persistent-data/dm-btree-remove.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.10.259","matchCriteriaId":"AC53F596-A57D-4444-90F4-98E548AF23A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09a65adc7d8bbfce06392cb6d375468e2728ead5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/12161e03d33afce781f68fa11cc6060538862fad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/323d252a4a378834e4fe68298ca61cfc5dd3a460","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5ec0debbcfd43596e32c1239e993de06a704e04c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85311a585a26640760cd0f3349ab9f2905691044","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b719d12cb94df345e9ad2715fd0abe9afcaeb111","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f06f6aededd792a754cd677c02b3d3016d868c2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f49b41c9eb7c6ff00df27cd49cea210abbadd8ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46108","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.190","lastModified":"2026-06-25T21:19:26.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipmi:si: Return state to normal if message allocation fails\n\nThere were places where nothing would get started if a message\nallocation failed, so the driver needs to return to normal state."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/char/ipmi/ipmi_si_intf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c204fab7f76a055eac346e3b1a75c6b4bb99600e","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ab48817aebe4d831f87d4da6f94f50498c130d9e","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"9c6ded95ac6281e390d167637ccbde6cea2ba1ae","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ce905b65e649eee378a0f37e8219f1d70efb3007","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"88881dc1da86064f479378bc9d0a4956c3d0bb12","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"bc13fce9eeec88c4950924754c3347c6dc66ff4c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ba60140d4133231b49185ac8bf6e54f318d3134e","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"09dd798270ff582d7309f285d4aaf5dbebae01cb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/char/ipmi/ipmi_si_intf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.258","matchCriteriaId":"E03287AA-1109-4662-85B8-5E824B2EA646"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09dd798270ff582d7309f285d4aaf5dbebae01cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/88881dc1da86064f479378bc9d0a4956c3d0bb12","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c6ded95ac6281e390d167637ccbde6cea2ba1ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab48817aebe4d831f87d4da6f94f50498c130d9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba60140d4133231b49185ac8bf6e54f318d3134e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc13fce9eeec88c4950924754c3347c6dc66ff4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c204fab7f76a055eac346e3b1a75c6b4bb99600e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce905b65e649eee378a0f37e8219f1d70efb3007","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46109","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.307","lastModified":"2026-06-24T18:31:16.600","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: fix memory leak on ulpi_register() error paths\n\nCommit 01af542392b5 (\"usb: ulpi: fix double free in\nulpi_register_interface() error path\") removed kfree(ulpi) from\nulpi_register_interface() to fix a double-free when device_register()\nfails.\n\nBut when ulpi_of_register() or ulpi_read_id() fail before\ndevice_register() is called, the ulpi allocation is leaked.\n\nAdd kfree(ulpi) on both error paths to properly clean up the allocation."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/usb/common/ulpi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2f70ba9dae13a190673cc3f9b4aad52179738f60","lessThan":"0c2c0c6820fe96fa4be0a0499f8d3f3321b9af6c","versionType":"git","status":"affected"},{"version":"ee248e6e941e4f2e634df2bd43e5f1ef810ab6df","lessThan":"f1b855c00988a9cb41134cab7cf9faedba775dd9","versionType":"git","status":"affected"},{"version":"272a9b26c336a295e4e209157fed809706c1b1f7","lessThan":"7bd61ed0bf9f4f1f2673d489b3bda1555b48d054","versionType":"git","status":"affected"},{"version":"aaeae6533d77e6ed4def85baec01e2815ebbef61","lessThan":"b0c0d44adb55c66663886cb6e30ee92cbb0f5385","versionType":"git","status":"affected"},{"version":"8763f8317bb389aded32a32b08f6751cfff657d2","lessThan":"be2c1d825f54277472c87019e82013ac534ddc4c","versionType":"git","status":"affected"},{"version":"38c28fe25611099230f0965c925499bfcf46a795","lessThan":"2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d","versionType":"git","status":"affected"},{"version":"01af542392b5d41fd659d487015a71f627accce3","lessThan":"f30ccfc2985590b33a23a3d8bed7ca16c0af551b","versionType":"git","status":"affected"},{"version":"01af542392b5d41fd659d487015a71f627accce3","lessThan":"0b9fcab1b8608d429e5f239afb197de928d4de7d","versionType":"git","status":"affected"},{"version":"a6e5461f076c2ef63159f18e5cdbd30b50f0bc15","versionType":"git","status":"affected"},{"version":"5.10.253","lessThan":"5.10.258","versionType":"semver","status":"affected"},{"version":"5.15.203","lessThan":"5.15.209","versionType":"semver","status":"affected"},{"version":"6.1.168","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"6.6.134","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.12.81","lessThan":"6.12.88","versionType":"semver","status":"affected"},{"version":"6.18.22","lessThan":"6.18.30","versionType":"semver","status":"affected"},{"version":"6.19.12","lessThan":"6.20","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/usb/common/ulpi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.253","versionEndExcluding":"5.10.258","matchCriteriaId":"9E840E33-DF41-44DF-AA3A-C3844291CC0A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.203","versionEndExcluding":"5.15.209","matchCriteriaId":"7076171D-667E-4312-8F73-B0BA78F11B20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.168","versionEndExcluding":"6.1.175","matchCriteriaId":"BA615F2E-CA22-4102-8963-19B863562B8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.134","versionEndExcluding":"6.6.140","matchCriteriaId":"8714203A-5D7A-4443-8CC2-6DEF43B4CCF1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.81","versionEndExcluding":"6.12.88","matchCriteriaId":"CA32E2A4-D435-4C35-8B32-BEBF0BF89081"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.22","versionEndExcluding":"6.18.30","matchCriteriaId":"C03B05A0-3CCE-4C25-9611-60C21322DDE1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.12","versionEndExcluding":"7.0","matchCriteriaId":"3E8EC0D8-1F19-40EC-8F9E-9E4FCF84758C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.0.7","matchCriteriaId":"4E7653F8-38DF-470F-848F-5CB1C487C23E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:*","matchCriteriaId":"EF897730-3F1E-47A2-8B07-22535202C487"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0c2c0c6820fe96fa4be0a0499f8d3f3321b9af6c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a71e01b2cf9b4329ff67102c1bea7448c2a2d2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7bd61ed0bf9f4f1f2673d489b3bda1555b48d054","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0c0d44adb55c66663886cb6e30ee92cbb0f5385","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be2c1d825f54277472c87019e82013ac534ddc4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1b855c00988a9cb41134cab7cf9faedba775dd9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f30ccfc2985590b33a23a3d8bed7ca16c0af551b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46110","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.420","lastModified":"2026-06-24T18:28:54.623","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Prevent NULL deref when RX memory exhausted\n\nThe CPU receives frames from the MAC through conventional DMA: the CPU\nallocates buffers for the MAC, then the MAC fills them and returns\nownership to the CPU. For each hardware RX queue, the CPU and MAC\ncoordinate through a shared ring array of DMA descriptors: one\ndescriptor per DMA buffer. Each descriptor includes the buffer's\nphysical address and a status flag (\"OWN\") indicating which side owns\nthe buffer: OWN=0 for CPU, OWN=1 for MAC. The CPU is only allowed to set\nthe flag and the MAC is only allowed to clear it, and both must move\nthrough the ring in sequence: thus the ring is used for both\n\"submissions\" and \"completions.\"\n\nIn the stmmac driver, stmmac_rx() bookmarks its position in the ring\nwith the `cur_rx` index. The main receive loop in that function checks\nfor rx_descs[cur_rx].own=0, gives the corresponding buffer to the\nnetwork stack (NULLing the pointer), and increments `cur_rx` modulo the\nring size. After the loop exits, stmmac_rx_refill(), which bookmarks its\nposition with `dirty_rx`, allocates fresh buffers and rearms the\ndescriptors (setting OWN=1). If it fails any allocation, it simply stops\nearly (leaving OWN=0) and will retry where it left off when next called.\n\nThis means descriptors have a three-stage lifecycle (terms my own):\n- `empty` (OWN=1, buffer valid)\n- `full` (OWN=0, buffer valid and populated)\n- `dirty` (OWN=0, buffer NULL)\n\nBut because stmmac_rx() only checks OWN, it confuses `full`/`dirty`. In\nthe past (see 'Fixes:'), there was a bug where the loop could cycle\n`cur_rx` all the way back to the first descriptor it dirtied, resulting\nin a NULL dereference when mistaken for `full`. The aforementioned\ncommit resolved that *specific* failure by capping the loop's iteration\nlimit at `dma_rx_size - 1`, but this is only a partial fix: if the\nprevious stmmac_rx_refill() didn't complete, then there are leftover\n`dirty` descriptors that the loop might encounter without needing to\ncycle fully around. The current code therefore panics (see 'Closes:')\nwhen stmmac_rx_refill() is memory-starved long enough for `cur_rx` to\ncatch up to `dirty_rx`.\n\nFix this by explicitly checking, before advancing `cur_rx`, if the next\nentry is dirty; exit the loop if so. This prevents processing of the\nfinal, used descriptor until stmmac_rx_refill() succeeds, but\nfully prevents the `cur_rx == dirty_rx` ambiguity as the previous bugfix\nintended: so remove the clamp as well. Since stmmac_rx_zc() is a\ncopy-paste-and-tweak of stmmac_rx() and the code structure is identical,\nany fix to stmmac_rx() will also need a corresponding fix for\nstmmac_rx_zc(). Therefore, apply the same check there.\n\nIn stmmac_rx() (not stmmac_rx_zc()), a related bug remains: after the\nMAC sets OWN=0 on the final descriptor, it will be unable to send any\nfurther DMA-complete IRQs until it's given more `empty` descriptors.\nCurrently, the driver simply *hopes* that the next stmmac_rx_refill()\nsucceeds, risking an indefinite stall of the receive process if not. But\nthis is not a regression, so it can be addressed in a future change."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/stmicro/stmmac/stmmac_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7414a28de1b3b028714859078c00a874f9feff52","lessThan":"fdeb95b1fc7de25c9362990efb9996a8d761055c","versionType":"git","status":"affected"},{"version":"779334e59850f863bf34665e0ff0b6faf126873b","lessThan":"e1c50b273298c7cd9b08b113e7a7598b531a02f5","versionType":"git","status":"affected"},{"version":"b6cb4541853c7ee512111b0e7ddf3cb66c99c137","lessThan":"5c910f7708e3c507b037ca91ca5b09f8cfe71e65","versionType":"git","status":"affected"},{"version":"b6cb4541853c7ee512111b0e7ddf3cb66c99c137","lessThan":"4af2e62cbcda575a174acd230c3f3a208135e16d","versionType":"git","status":"affected"},{"version":"b6cb4541853c7ee512111b0e7ddf3cb66c99c137","lessThan":"950cb436165aad0f8f2cd49da3cd07677465bcde","versionType":"git","status":"affected"},{"version":"b6cb4541853c7ee512111b0e7ddf3cb66c99c137","lessThan":"0bb05e6adfa99a2ea1fee1125cc0953409f83ed8","versionType":"git","status":"affected"},{"version":"b435b4573240b5530830a1a60e005c6fcfd928a0","versionType":"git","status":"affected"},{"version":"6.1.64","lessThan":"6.1.176","versionType":"semver","status":"affected"},{"version":"6.6.3","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.5.13","lessThan":"6.6","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/stmicro/stmmac/stmmac_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.64","versionEndExcluding":"6.1.176","matchCriteriaId":"7D2385BE-AA5B-4108-986E-94FE78869E0B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.13","versionEndExcluding":"6.6","matchCriteriaId":"3B6AC16B-2F1C-4FDF-8F49-09FC11C3F5B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.3","versionEndExcluding":"6.6.140","matchCriteriaId":"5BEAFABA-7E5B-445F-93D8-C490B82429EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.1","versionEndExcluding":"6.12.88","matchCriteriaId":"269B1B34-9934-4742-8224-E11B647B979B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*","matchCriteriaId":"62B55B1B-7D3E-499B-9C42-E9F1EF05A54A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*","matchCriteriaId":"E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*","matchCriteriaId":"C56C6E04-4F04-44A3-8DB8-93899903CFCF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*","matchCriteriaId":"5C78EDA4-8BE6-42FC-9512-49032D525A55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*","matchCriteriaId":"32F2E5CA-13C6-4601-B530-D465CBF73D1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*","matchCriteriaId":"5ED5AF93-F831-48BC-9545-CCB344E814FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc7:*:*:*:*:*:*","matchCriteriaId":"81A7ABCB-0807-4AA2-8F4E-75E38D2E3FD4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:rc8:*:*:*:*:*:*","matchCriteriaId":"B01471D6-2DB4-4AF2-8BE0-B5082B4B9253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0bb05e6adfa99a2ea1fee1125cc0953409f83ed8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4af2e62cbcda575a174acd230c3f3a208135e16d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5c910f7708e3c507b037ca91ca5b09f8cfe71e65","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/950cb436165aad0f8f2cd49da3cd07677465bcde","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e1c50b273298c7cd9b08b113e7a7598b531a02f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdeb95b1fc7de25c9362990efb9996a8d761055c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46111","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.550","lastModified":"2026-06-24T18:26:17.060","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: fix potential UAF in create_big_sync\n\nAdd hci_conn_valid() check in create_big_sync() to detect stale\nconnections before proceeding with BIG creation. Handle the\nresulting -ECANCELED in create_big_complete() and re-validate the\nconnection under hci_dev_lock() before dereferencing, matching the\npattern used by create_le_conn_complete() and create_pa_complete().\n\nKeep the hci_conn object alive across the async boundary by taking\na reference via hci_conn_get() when queueing create_big_sync(), and\ndropping it in the completion callback. The refcount and the lock\nare complementary: the refcount keeps the object allocated, while\nhci_dev_lock() serializes hci_conn_hash_del()'s list_del_rcu() on\nhdev->conn_hash, as required by hci_conn_del().\n\nhci_conn_put() is called outside hci_dev_unlock() so the final put\n(which resolves to kfree() via bt_link_release) does not run under\nhdev->lock, though the release path would be safe either way.\n\nWithout this, create_big_complete() would unconditionally\ndereference the conn pointer on error, causing a use-after-free\nvia hci_connect_cfm() and hci_conn_del()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/hci_conn.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"eca0ae4aea66914515e5e3098ea051b518ee5316","lessThan":"6823f730bf195fc296d9edd09e2ca94bc1ff5584","versionType":"git","status":"affected"},{"version":"eca0ae4aea66914515e5e3098ea051b518ee5316","lessThan":"1750a2df0eab61dc421a7afae74abdd239a44b85","versionType":"git","status":"affected"},{"version":"eca0ae4aea66914515e5e3098ea051b518ee5316","lessThan":"dc34f8d8240f25dd137dc2758ebbcc75e3779142","versionType":"git","status":"affected"},{"version":"eca0ae4aea66914515e5e3098ea051b518ee5316","lessThan":"f8eaf92c57ad99358dd372580d5ff87623343a72","versionType":"git","status":"affected"},{"version":"eca0ae4aea66914515e5e3098ea051b518ee5316","lessThan":"0beddb0c380bed5f5b8e61ddbe14635bb73d0b41","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/hci_conn.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.90","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.6.140","matchCriteriaId":"42C969B5-5AF7-4327-A835-36C9FE167867"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.90","matchCriteriaId":"3BAAA2BE-6EEC-45D5-AD66-50F63CA20483"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.32","matchCriteriaId":"CB9F1FA8-6D5E-42B1-9877-57BACFE5C886"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0beddb0c380bed5f5b8e61ddbe14635bb73d0b41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1750a2df0eab61dc421a7afae74abdd239a44b85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6823f730bf195fc296d9edd09e2ca94bc1ff5584","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc34f8d8240f25dd137dc2758ebbcc75e3779142","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8eaf92c57ad99358dd372580d5ff87623343a72","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46112","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.660","lastModified":"2026-06-24T18:25:40.057","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix unlocked call to hns_roce_qp_remove()\n\nSashiko points out that hns_roce_qp_remove() requires the caller to hold\nlocks.  The error flow in hns_roce_create_qp_common() doesn't hold those\nlocks for the error unwind so it risks corrupting memory.\n\nGrab the same locks the other two callers use."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/hns/hns_roce_qp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e088a685eae94a0607b8f7b99949a0e14d748813","lessThan":"1f0a3aa8b569d010316b427238222c5d899f9618","versionType":"git","status":"affected"},{"version":"e088a685eae94a0607b8f7b99949a0e14d748813","lessThan":"b6296ff2475fc95ee6ea1b528c4b385302808186","versionType":"git","status":"affected"},{"version":"e088a685eae94a0607b8f7b99949a0e14d748813","lessThan":"fb4ae739811d467409bd07d0e36cfd4140f3d26a","versionType":"git","status":"affected"},{"version":"e088a685eae94a0607b8f7b99949a0e14d748813","lessThan":"fcf6a832c0d5b2bc5398d6996c5570d3ee7993fb","versionType":"git","status":"affected"},{"version":"e088a685eae94a0607b8f7b99949a0e14d748813","lessThan":"1912f78798505dc9c637081bbddfbf1c22494c49","versionType":"git","status":"affected"},{"version":"e088a685eae94a0607b8f7b99949a0e14d748813","lessThan":"615d9d260c32bb678504ca96f29ae46f9d745155","versionType":"git","status":"affected"},{"version":"e088a685eae94a0607b8f7b99949a0e14d748813","lessThan":"0c99acbc8b6c6dd526ae475a48ee1897b61072fb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/hns/hns_roce_qp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.15.209","matchCriteriaId":"AF3A679E-2CF5-4AD0-B523-490CDE9711E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c99acbc8b6c6dd526ae475a48ee1897b61072fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1912f78798505dc9c637081bbddfbf1c22494c49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f0a3aa8b569d010316b427238222c5d899f9618","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/615d9d260c32bb678504ca96f29ae46f9d745155","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b6296ff2475fc95ee6ea1b528c4b385302808186","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb4ae739811d467409bd07d0e36cfd4140f3d26a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fcf6a832c0d5b2bc5398d6996c5570d3ee7993fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46113","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.760","lastModified":"2026-06-24T18:23:16.880","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Fix shadow paging use-after-free due to unexpected GFN\n\nThe shadow MMU computes GFNs for direct shadow pages using sp->gfn plus\nthe SPTE index. This assumption breaks for shadow paging if the guest\npage tables are modified between VM entries (similar to commit\naad885e77496, \"KVM: x86/mmu: Drop/zap existing present SPTE even\nwhen creating an MMIO SPTE\", 2026-03-27).  The flow is as follows:\n\n- a PDE is installed for a 2MB mapping, and a page in that area is\n  accessed.  KVM creates a kvm_mmu_page consisting of 512 4KB pages;\n  the kvm_mmu_page is marked by FNAME(fetch) as direct-mapped because\n  the guest's mapping is a huge page (and thus contiguous).\n\n- the PDE mapping is changed from outside the guest.\n\n- the guest accesses another page in the same 2MB area.  KVM installs\n  a new leaf SPTE and rmap entry; the SPTE uses the \"correct\" GFN\n  (i.e. based on the new mapping, as changed in the previous step) but\n  that GFN is outside of the [sp->gfn, sp->gfn + 511] range; therefore\n  the rmap entry cannot be found and removed when the kvm_mmu_page\n  is zapped.\n\n- the memslot that covers the first 2MB mapping is deleted, and the\n  kvm_mmu_page for the now-invalid GPA is zapped.  However, rmap_remove()\n  only looks at the [sp->gfn, sp->gfn + 511] range established in step 1,\n  and fails to find the rmap entry that was recorded by step 3.\n\n- any operation that causes an rmap walk for the same page accessed\n  by step 3 then walks a stale rmap and dereferences a freed kvm_mmu_page.\n  This includes dirty logging or MMU notifier invalidations (e.g., from\n  MADV_DONTNEED).\n\nThe underlying issue is that KVM's walking of shadow PTEs assumes that\nif a SPTE is present when KVM wants to install a non-leaf SPTE, then the\nexisting kvm_mmu_page must be for the correct gfn.  Because the only way\nfor the gfn to be wrong is if KVM messed up and failed to zap a SPTE...\nwhich shouldn't happen, but *actually* only happens in response to a\nguest write.\n\nThat bug dates back literally forever, as even the first version of KVM\nassumes that the GFN matches and walks into the \"wrong\" shadow page.\nHowever, that was only an imprecision until 2032a93d66fa (\"KVM: MMU:\nDon't allocate gfns page for direct mmu pages\") came along.\n\nFix it by checking for a target gfn mismatch and zapping the existing\nSPTE.  That way the old SP and rmap entries are gone, KVM installs\nthe rmap in the right location, and everyone is happy."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/mmu/mmu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7","lessThan":"e9d4ea13aa2b6400bb10ec64b370ba3dadcd22f0","versionType":"git","status":"affected"},{"version":"6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7","lessThan":"488e386484ec8c0e558be6e156edf34ed9f4d5c8","versionType":"git","status":"affected"},{"version":"6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7","lessThan":"06c19c967b845b63172601fe459667d973b7e6b7","versionType":"git","status":"affected"},{"version":"6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7","lessThan":"738ec97b1855df6c08fe2369f798fa0b972e556b","versionType":"git","status":"affected"},{"version":"6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7","lessThan":"14d1e55dfd2cf4711bff164a6aaaddb783552134","versionType":"git","status":"affected"},{"version":"6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7","lessThan":"0cb2af2ea66ad8ff195c156ea690f11216285bdf","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/mmu/mmu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.20","status":"affected"},{"version":"0","lessThan":"2.6.20","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.20","versionEndExcluding":"6.1.175","matchCriteriaId":"5B75FF6F-9513-497E-AA93-76239829E64C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/06c19c967b845b63172601fe459667d973b7e6b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0cb2af2ea66ad8ff195c156ea690f11216285bdf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/14d1e55dfd2cf4711bff164a6aaaddb783552134","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/488e386484ec8c0e558be6e156edf34ed9f4d5c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/738ec97b1855df6c08fe2369f798fa0b972e556b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9d4ea13aa2b6400bb10ec64b370ba3dadcd22f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46114","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.870","lastModified":"2026-06-24T17:00:11.027","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads\n\natomic_write_reply() at drivers/infiniband/sw/rxe/rxe_resp.c\nunconditionally dereferences 8 bytes at payload_addr(pkt):\n\n    value = *(u64 *)payload_addr(pkt);\n\ncheck_rkey() previously accepted an ATOMIC_WRITE request with pktlen ==\nresid == 0 because the length validation only compared pktlen against\nresid. A remote initiator that sets the RETH length to 0 therefore reaches\natomic_write_reply() with a zero-byte logical payload, and the responder\nreads sizeof(u64) bytes from past the logical end of the packet into\nskb->head tailroom, then writes those 8 bytes into the attacker's MR via\nrxe_mr_do_atomic_write(). That is a remote disclosure of 4 bytes of kernel\ntailroom per probe (the other 4 bytes are the packet's own trailing ICRC).\n\nIBA oA19-28 defines ATOMIC_WRITE as exactly 8 bytes. Anything else is\nprotocol-invalid. Hoist a strict length check into check_rkey() so the\nresponder never reaches the unchecked dereference, and keep the existing\nWRITE-family length logic for the normal RDMA WRITE path.\n\nReproduced on mainline with an unmodified rxe driver: a sustained\nzero-length ATOMIC_WRITE probe repeatedly leaks adjacent skb head-buffer\nbytes into the attacker's MR, including recognisable kernel strings and\npartial kernel-direct-map pointer words.  With this patch applied the\nresponder rejects the PDU and the MR stays all-zero."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/sw/rxe/rxe_resp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"034e285f8b99062a0cf29112e1232154a6a44aa5","lessThan":"539cabb7b2d8ba70f55bba91db55faef11c2a6d7","versionType":"git","status":"affected"},{"version":"034e285f8b99062a0cf29112e1232154a6a44aa5","lessThan":"d415fce3fcde6d7aeea6c25362a395b905811452","versionType":"git","status":"affected"},{"version":"034e285f8b99062a0cf29112e1232154a6a44aa5","lessThan":"105bf79a23b85cf3a761d18a4f3e10ce88526bc1","versionType":"git","status":"affected"},{"version":"034e285f8b99062a0cf29112e1232154a6a44aa5","lessThan":"7ec1ed4747f5f99f8b797bb438c5efd36079fad5","versionType":"git","status":"affected"},{"version":"034e285f8b99062a0cf29112e1232154a6a44aa5","lessThan":"1114c87aa6f195cf07da55a27b2122ae26557b26","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/sw/rxe/rxe_resp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/105bf79a23b85cf3a761d18a4f3e10ce88526bc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1114c87aa6f195cf07da55a27b2122ae26557b26","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/539cabb7b2d8ba70f55bba91db55faef11c2a6d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ec1ed4747f5f99f8b797bb438c5efd36079fad5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d415fce3fcde6d7aeea6c25362a395b905811452","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46115","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:26.980","lastModified":"2026-06-24T17:00:06.850","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: add pgmap check to biovec_phys_mergeable\n\nbiovec_phys_mergeable() is used by the request merge, DMA mapping,\nand integrity merge paths to decide if two physically contiguous\nbvec segments can be coalesced into one. It currently has no check\nfor whether the segments belong to different dev_pagemaps.\n\nWhen zone device memory is registered in multiple chunks, each chunk\ngets its own dev_pagemap. A single bio can legitimately contain\nbvecs from different pgmaps -- iov_iter_extract_bvecs() breaks at\npgmap boundaries but the outer loop in bio_iov_iter_get_pages()\ncontinues filling the same bio. If such bvecs are physically\ncontiguous, biovec_phys_mergeable() will coalesce them, making it\nimpossible to recover the correct pgmap for the merged segment\nvia page_pgmap().\n\nAdd a zone_device_pages_have_same_pgmap() check to prevent merging\nbvec segments that span different pgmaps."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["block/blk.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"49580e690755d0e51ed7aa2c33225dd884fa738a","lessThan":"3d2ecbd444b01d6500671d1a582b7393943cf539","versionType":"git","status":"affected"},{"version":"49580e690755d0e51ed7aa2c33225dd884fa738a","lessThan":"a7f3aa8c9df3905fe820ae36b67ba56b81587574","versionType":"git","status":"affected"},{"version":"49580e690755d0e51ed7aa2c33225dd884fa738a","lessThan":"f17d521075325b8afc42d1baa1c28a5e9aca111f","versionType":"git","status":"affected"},{"version":"49580e690755d0e51ed7aa2c33225dd884fa738a","lessThan":"f632dab4b841554cd6416058c61886d7db176581","versionType":"git","status":"affected"},{"version":"49580e690755d0e51ed7aa2c33225dd884fa738a","lessThan":"13920e4b7b784b40cf4519ff1f0f3e513476a499","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["block/blk.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/13920e4b7b784b40cf4519ff1f0f3e513476a499","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3d2ecbd444b01d6500671d1a582b7393943cf539","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a7f3aa8c9df3905fe820ae36b67ba56b81587574","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f17d521075325b8afc42d1baa1c28a5e9aca111f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f632dab4b841554cd6416058c61886d7db176581","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46118","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.293","lastModified":"2026-06-24T16:59:50.580","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()\n\ncommit 6d3789d347a7 (\"papr-hvpipe: convert papr_hvpipe_dev_create_handle() to FD_PREPARE()\"),\nchanged the create handle to FD_PREPARE(), but it caused kernel\nnull-ptr-deref because after call to retain_and_null_ptr(src_info),\nsrc_info is re-used for adding it to the global list.\n\nGetting the following kernel panic in papr_hvpipe_dev_create_handle()\nwhen trying to add src_info to the list.\n Kernel attempted to write user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on write at 0x00000000\n Faulting instruction address: 0xc0000000001b44a0\n Oops: Kernel access of bad area, sig: 11 [#1]\n ...\n Call Trace:\n papr_hvpipe_dev_ioctl+0x1f4/0x48c (unreliable)\n sys_ioctl+0x528/0x1064\n system_call_exception+0x128/0x360\n system_call_vectored_common+0x15c/0x2ec\n\nNow, the error handling with FD_PREPARE's file cleanup and __free(kfree) auto\ncleanup is getting too convoluted. This is mainly because we need to\nensure only 1 user get the srcID handle. To simplify this, we allocate\nprepare the src_info in the beginning and add it to the global list\nunder a spinlock after checking that no duplicates exist.\n\nThis simplify the error handling where if the FD_ADD fails, we can\nsimply remove the src_info from the list and consume any pending msg in\nhvpipe to be cleared, after src_info became visible in the global list."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/platforms/pseries/papr-hvpipe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"09c15bbbed533903e600660ea09098b3b0524f48","lessThan":"735439394dde8462f9b50566727fbe333beaadaf","versionType":"git","status":"affected"},{"version":"6d3789d347a7af5c4b0b2da3af47b8d9da607ab2","lessThan":"cf51bec1560f8bf115d1476f60335f9d90e110b0","versionType":"git","status":"affected"},{"version":"6d3789d347a7af5c4b0b2da3af47b8d9da607ab2","lessThan":"1b9f7aafa44f5ce852c00509104d10fd9eb0f402","versionType":"git","status":"affected"},{"version":"6.18.32","lessThan":"6.18.33","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/platforms/pseries/papr-hvpipe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18.32:*:*:*:*:*:*:*","matchCriteriaId":"C7375BE8-4505-4CEB-AA0F-F5D7B9AB272F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1b9f7aafa44f5ce852c00509104d10fd9eb0f402","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/735439394dde8462f9b50566727fbe333beaadaf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf51bec1560f8bf115d1476f60335f9d90e110b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46119","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.390","lastModified":"2026-06-24T16:51:46.740","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Fix slab-out-of-bounds access in auth message processing\n\nIf a (potentially corrupted) message of type CEPH_MSG_AUTH_REPLY\ncontains a positive value in its result field, it is treated as an\nerror code by ceph_handle_auth_reply() and returned to\nhandle_auth_reply(). Thereafter, an attempt is made to send the\npreallocated message of type CEPH_MSG_AUTH, where the returned value is\ninterpreted as the size of the front segment to send. If the result\nvalue in the message is greater than the size of the memory buffer\nallocated for the front segment, an out-of-bounds access occurs, and\nthe content of the memory region beyond this buffer is sent out.\n\nThis patch fixes the issue by treating only negative values in the\nresult field as errors. Positive values are therefore treated as success\nin the same way as a zero value. Additionally, a BUG_ON is added to\n__send_prepared_auth_request() comparing the len parameter to\nfront_alloc_len to prevent sending the message if it exceeds the bounds\nof the allocation and to make it easier to catch any logic flaws leading\nto this."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ceph/auth.c","net/ceph/mon_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc","lessThan":"c2374b92c729d0388a538b3cde7b3e3b5e55ef39","versionType":"git","status":"affected"},{"version":"4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc","lessThan":"38fdf04c602d52c42c67fc1617211492753b7e8b","versionType":"git","status":"affected"},{"version":"4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc","lessThan":"2ae0afd98432536562fa8261538ae795446f0589","versionType":"git","status":"affected"},{"version":"4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc","lessThan":"408e85ee708b6aa03eeb0220ffa0915f4d407181","versionType":"git","status":"affected"},{"version":"4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc","lessThan":"b7df9fbd4869fdfe09a3f501ffd228486521e062","versionType":"git","status":"affected"},{"version":"4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc","lessThan":"8517b6c8d2c759918ba0058cb6c7e14d59643202","versionType":"git","status":"affected"},{"version":"4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc","lessThan":"1c439de70b1c3eb3c6bffa8245c16b9fc318f114","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ceph/auth.c","net/ceph/mon_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34.1","versionEndExcluding":"5.15.209","matchCriteriaId":"66FEB83E-2D81-4BA1-B8BE-C61B1BC97290"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:-:*:*:*:*:*:*","matchCriteriaId":"A3B1BC1D-ED46-4364-A1D9-1FA74182B03A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc2:*:*:*:*:*:*","matchCriteriaId":"86D3F64C-3F27-43E0-B0D4-62CE1E1F4EFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc3:*:*:*:*:*:*","matchCriteriaId":"7927713B-5EB0-41EB-86A9-9935775162E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc4:*:*:*:*:*:*","matchCriteriaId":"59037296-3143-4FBB-AFF7-D4FE2C85502F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc5:*:*:*:*:*:*","matchCriteriaId":"9CA27FD5-7DBF-4C85-80A9-D523B2E4B033"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc6:*:*:*:*:*:*","matchCriteriaId":"9711E333-A8E7-4F4B-BCFD-2023E889651A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.34:rc7:*:*:*:*:*:*","matchCriteriaId":"E04D3358-973B-42A1-8E08-2E3AE947193C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1c439de70b1c3eb3c6bffa8245c16b9fc318f114","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ae0afd98432536562fa8261538ae795446f0589","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/38fdf04c602d52c42c67fc1617211492753b7e8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/408e85ee708b6aa03eeb0220ffa0915f4d407181","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8517b6c8d2c759918ba0058cb6c7e14d59643202","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b7df9fbd4869fdfe09a3f501ffd228486521e062","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2374b92c729d0388a538b3cde7b3e3b5e55ef39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46120","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.497","lastModified":"2026-06-24T16:51:39.900","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nip6_gre: Use cached t->net in ip6erspan_changelink().\n\nAfter commit 5e72ce3e3980 (\"net: ipv6: Use link netns in newlink() of\nrtnl_link_ops\"), ip6erspan_newlink() correctly resolves the per-netns\nip6gre hash via link_net. ip6erspan_changelink() was not converted in\nthat series and still uses dev_net(dev), which diverges from the\ndevice's creation netns after IFLA_NET_NS_FD migration.\n\nThis re-inserts the tunnel into the wrong per-netns hash. The\noriginal netns keeps a stale entry. When that netns is later\ndestroyed, ip6gre_exit_rtnl_net() walks the stale entry, producing a\nslab-use-after-free reported by KASAN, followed by a kernel BUG at\nnet/core/dev.c (LIST_POISON1) in unregister_netdevice_many_notify().\n\nReachable from an unprivileged user namespace (unshare --user\n--map-root-user --net).\n\nip6gre_changelink() earlier in the same file already uses the cached\nt->net; only ip6erspan_changelink() has the wrong shape."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv6/ip6_gre.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"7bd0f2b162b426b343a114e1b329f0d8d14fdc6e","versionType":"git","status":"affected"},{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"01b71ff2857d3598337de11e7840a8e3ff21553c","versionType":"git","status":"affected"},{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"0fcf6731706f73494245a9c0d64f93bebf95bb51","versionType":"git","status":"affected"},{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"eca62bb0569de4d43a4dac06a2092a9d4ca1d702","versionType":"git","status":"affected"},{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"311fdd26eb4443d43b909cc67a10f3a5fd1b21b2","versionType":"git","status":"affected"},{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"e70cfb40c3a99b232cd42c6a6a10f0d8e039dc82","versionType":"git","status":"affected"},{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"cf7fc624329e76c6394653d12353e1d033adea91","versionType":"git","status":"affected"},{"version":"2d665034f239412927b1e71329f20f001c92da09","lessThan":"1d324c2f43f70c965f25c58cc3611c779adbe47e","versionType":"git","status":"affected"},{"version":"c6d72628352c949629af619b77b042e0fb5245e7","versionType":"git","status":"affected"},{"version":"4.16.12","lessThan":"4.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv6/ip6_gre.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.16.12","versionEndExcluding":"4.17","matchCriteriaId":"1E372F14-2300-4733-AA3A-B7DD0540E9B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17.1","versionEndExcluding":"5.10.258","matchCriteriaId":"6AE54F96-C194-40DB-B1DA-5B763A902041"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.17:-:*:*:*:*:*:*","matchCriteriaId":"3F438846-FE97-43DC-A655-B5EF8DED552E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.17:rc7:*:*:*:*:*:*","matchCriteriaId":"A665D441-505B-4569-9EBD-96EFC9DA73BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01b71ff2857d3598337de11e7840a8e3ff21553c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0fcf6731706f73494245a9c0d64f93bebf95bb51","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1d324c2f43f70c965f25c58cc3611c779adbe47e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/311fdd26eb4443d43b909cc67a10f3a5fd1b21b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7bd0f2b162b426b343a114e1b329f0d8d14fdc6e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf7fc624329e76c6394653d12353e1d033adea91","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e70cfb40c3a99b232cd42c6a6a10f0d8e039dc82","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eca62bb0569de4d43a4dac06a2092a9d4ca1d702","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46121","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.600","lastModified":"2026-06-24T16:51:34.720","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock\n\nPatch series \"mm/damon/sysfs-schemes: fix use-after-free for [memcg_]path\".\n\nReads of 'memcg_path' and 'path' files in DAMON sysfs interface could race\nwith their writes, results in use-after-free.  Fix those.\n\n\nThis patch (of 2):\n\ndamon_sysfs_scheme_filter->mmecg_path can be read and written by users,\nvia DAMON sysfs memcg_path file.  It can also be indirectly read, for the\nparameters {on,off}line committing to DAMON.  The reads for parameters\ncommitting are protected by damon_sysfs_lock to avoid the sysfs files\nbeing destroyed while any of the parameters are being read.  But the\nuser-driven direct reads and writes are not protected by any lock, while\nthe write is deallocating the memcg_path-pointing buffer.  As a result,\nthe readers could read the already freed buffer (user-after-free).  Note\nthat the user-reads don't race when the same open file is used by the\nwriter, due to kernfs's open file locking.  Nonetheless, doing the reads\nand writes with separate open files would be common.  Fix it by protecting\nboth the user-direct reads and writes with damon_sysfs_lock."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/damon/sysfs-schemes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"490a43d07f1663d827e802720d30cbc0494e4f81","lessThan":"b1e9f2d5870776347edef927f9bb3ea19b8e3abb","versionType":"git","status":"affected"},{"version":"c5d5b0047b0c0f304608f3824139f7bd34c48413","lessThan":"c88802d0e8edd14b6cd2daf3000f99adbc4c85c5","versionType":"git","status":"affected"},{"version":"4f489fe6afb395dbc79840efa3c05440b760d883","lessThan":"eafd6f5372d29b0dd213799b92c2c9c7ad31d7da","versionType":"git","status":"affected"},{"version":"4f489fe6afb395dbc79840efa3c05440b760d883","lessThan":"baecc45ad60e621ef14d6c1e7f41ef36bbfdf910","versionType":"git","status":"affected"},{"version":"4f489fe6afb395dbc79840efa3c05440b760d883","lessThan":"1e68eb96e8beb1abefd12dd22c5637795d8a877e","versionType":"git","status":"affected"},{"version":"4a158ac0538dd5695eeaa00aa0720d711f3e4ef1","versionType":"git","status":"affected"},{"version":"6.6.96","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.12.36","lessThan":"6.12.88","versionType":"semver","status":"affected"},{"version":"6.15.5","lessThan":"6.16","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/damon/sysfs-schemes.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.96","versionEndExcluding":"6.6.140","matchCriteriaId":"6F59F59B-0B5E-4FDE-9C04-14918F1FC132"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.36","versionEndExcluding":"6.12.88","matchCriteriaId":"5BDE39B7-94D9-46FE-800D-F242F5EF34BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.5","versionEndExcluding":"6.16","matchCriteriaId":"D10C9120-0117-4346-95CC-E5D06B9133C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.1","versionEndExcluding":"6.18.30","matchCriteriaId":"A544F5E4-2BCE-4FFA-98B2-08E08A05FF7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*","matchCriteriaId":"6238B17D-C12B-458F-A138-97039BFC4595"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*","matchCriteriaId":"A0517869-312D-4429-80C2-561086E1421C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*","matchCriteriaId":"85421F4E-C863-4ABF-B4B4-E887CC2F7F92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*","matchCriteriaId":"3827F0D4-5FEE-4181-B267-5A45E7CA11FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*","matchCriteriaId":"7A9C2DE5-43B8-4D73-BDB5-EA55C7671A52"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e68eb96e8beb1abefd12dd22c5637795d8a877e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1e9f2d5870776347edef927f9bb3ea19b8e3abb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/baecc45ad60e621ef14d6c1e7f41ef36bbfdf910","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c88802d0e8edd14b6cd2daf3000f99adbc4c85c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eafd6f5372d29b0dd213799b92c2c9c7ad31d7da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46122","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.713","lastModified":"2026-06-24T16:51:28.153","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43: enforce bounds check on firmware key index in b43_rx()\n\nThe firmware-controlled key index in b43_rx() can exceed the dev->key[]\narray size (58 entries). The existing B43_WARN_ON is non-enforcing in\nproduction builds, allowing an out-of-bounds read.\n\nMake the B43_WARN_ON check enforcing by dropping the frame when the\nfirmware returns an invalid key index."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/broadcom/b43/xmit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"135cb49c9a42a02cceeac7b49ec03e267f7ed6d6","versionType":"git","status":"affected"},{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"3157ad40b084a8f3932da2641749ab45e99b933e","versionType":"git","status":"affected"},{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"765709720e6af9a178abc40244a8d1aa39ac4e71","versionType":"git","status":"affected"},{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"c3d7b90dc95020cd9282c4630e402fe224f7644e","versionType":"git","status":"affected"},{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"1e9e55cf66f0fa4799f4d86ef3aaba8e606b5c14","versionType":"git","status":"affected"},{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"d7029879bafdac2006c67553807d122283dc6cbf","versionType":"git","status":"affected"},{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"219ba67e69e49681e48c822d6eaafb5def032f34","versionType":"git","status":"affected"},{"version":"e4d6b7951812d98417feb10784e400e253caf633","lessThan":"1f4f78bf8549e6ac4f04fba4176854f3a6e0c332","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/broadcom/b43/xmit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.24","status":"affected"},{"version":"0","lessThan":"2.6.24","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24","versionEndExcluding":"5.10.258","matchCriteriaId":"31937382-36DB-498C-82EF-4B52A5DE1424"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/135cb49c9a42a02cceeac7b49ec03e267f7ed6d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e9e55cf66f0fa4799f4d86ef3aaba8e606b5c14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f4f78bf8549e6ac4f04fba4176854f3a6e0c332","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/219ba67e69e49681e48c822d6eaafb5def032f34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3157ad40b084a8f3932da2641749ab45e99b933e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/765709720e6af9a178abc40244a8d1aa39ac4e71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3d7b90dc95020cd9282c4630e402fe224f7644e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7029879bafdac2006c67553807d122283dc6cbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46123","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.810","lastModified":"2026-06-24T16:51:21.783","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: virtio_bt: clamp rx length before skb_put\n\nvirtbt_rx_work() calls skb_put(skb, len) where len comes directly\nfrom virtqueue_get_buf() with no validation against the buffer we\nposted to the device. The RX skb is allocated in virtbt_add_inbuf()\nand exposed to virtio as exactly 1000 bytes via sg_init_one().\n\nChecking len against skb_tailroom(skb) is not sufficient because\nalloc_skb() can leave more tailroom than the 1000 bytes actually\nhanded to the device. A malicious or buggy backend can therefore\nreport used.len between 1001 and skb_tailroom(skb), causing skb_put()\nto include uninitialized kernel heap bytes that were never written by\nthe device.\n\nThe same path also accepts len == 0, in which case skb_put(skb, 0)\nleaves the skb empty but virtbt_rx_handle() still reads the pkt_type\nbyte from skb->data, consuming uninitialized memory.\n\nDefine VIRTBT_RX_BUF_SIZE once and reuse it in alloc_skb() and\nsg_init_one(), and gate virtbt_rx_work() on that same constant so\nthe bound checked matches the buffer actually exposed to the device.\nReject used.len == 0 in the same gate so an empty completion can\nno longer reach virtbt_rx_handle().\n\nUse bt_dev_err_ratelimited() because the length value comes from an\nuntrusted backend that can otherwise flood the kernel log.\n\nSame class of bug as commit c04db81cd028 (\"net/9p: Fix buffer\noverflow in USB transport layer\"), which hardened the USB 9p\ntransport against unchecked device-reported length."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/bluetooth/virtio_bt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cf2719a21fdb9d4c8e9c834d279163609bef575d","lessThan":"4236e55b2d9d1ffd3b4bdf8ebbb86e5a0a526b4a","versionType":"git","status":"affected"},{"version":"160fbcf3bfb93c3c086427f9f4c8bc70f217e9be","lessThan":"fd91fa2678ab603dfb285416c1cf3843d7be1e41","versionType":"git","status":"affected"},{"version":"160fbcf3bfb93c3c086427f9f4c8bc70f217e9be","lessThan":"ed41c81d30b211a671667259c3b5feeba0e062d5","versionType":"git","status":"affected"},{"version":"160fbcf3bfb93c3c086427f9f4c8bc70f217e9be","lessThan":"6c1730099a6fc18b183bd6c1adad3b54adcaeda9","versionType":"git","status":"affected"},{"version":"160fbcf3bfb93c3c086427f9f4c8bc70f217e9be","lessThan":"b40cdd1b1370d76e9e760af4490cb4a351cceead","versionType":"git","status":"affected"},{"version":"160fbcf3bfb93c3c086427f9f4c8bc70f217e9be","lessThan":"e6b4296f170d949ebba937cf6a3f247ec9550d2c","versionType":"git","status":"affected"},{"version":"160fbcf3bfb93c3c086427f9f4c8bc70f217e9be","lessThan":"21bd244b6de5d2fe1063c23acc93fbdd2b20d112","versionType":"git","status":"affected"},{"version":"9b67438e315b925a699f0178f4a48baf3d2d6ef4","versionType":"git","status":"affected"},{"version":"5.15.78","lessThan":"5.15.209","versionType":"semver","status":"affected"},{"version":"6.0.8","lessThan":"6.1","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/bluetooth/virtio_bt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.78","versionEndExcluding":"5.15.209","matchCriteriaId":"9160A8B1-A21E-435E-8788-74986408D756"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.8","versionEndExcluding":"6.1","matchCriteriaId":"C49BA079-1891-4A21-B1A5-DB8C45CD20B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.1","versionEndExcluding":"6.1.175","matchCriteriaId":"F8A015A3-130B-47F1-899B-AEDD0994D3D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*","matchCriteriaId":"DE093B34-F4CD-4052-8122-730D6537A91A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*","matchCriteriaId":"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*","matchCriteriaId":"35B26BE4-43A6-4A36-A7F6-5B3F572D9186"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*","matchCriteriaId":"3FFFB0B3-930D-408A-91E2-BAE0C2715D80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*","matchCriteriaId":"8535320E-A0DB-4277-800E-D0CE5BBA59E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*","matchCriteriaId":"21718AA4-4056-40F2-968E-BDAA465A7872"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21bd244b6de5d2fe1063c23acc93fbdd2b20d112","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4236e55b2d9d1ffd3b4bdf8ebbb86e5a0a526b4a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c1730099a6fc18b183bd6c1adad3b54adcaeda9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b40cdd1b1370d76e9e760af4490cb4a351cceead","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e6b4296f170d949ebba937cf6a3f247ec9550d2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed41c81d30b211a671667259c3b5feeba0e062d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd91fa2678ab603dfb285416c1cf3843d7be1e41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46124","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:27.920","lastModified":"2026-06-24T16:51:14.923","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: validate block number from NFS file handle in isofs_export_iget\n\nisofs_fh_to_dentry() and isofs_fh_to_parent() pass an attacker-\ncontrolled block number (ifid->block or ifid->parent_block) from\nthe NFS file handle to isofs_export_iget(), which only rejects\nblock == 0 before calling isofs_iget() and ultimately sb_bread().\nA crafted file handle with fh_len sufficient to pass the check\nadded by commit 0405d4b63d08 (\"isofs: Prevent the use of too small\nfid\") can still drive the server to read any in-range block on the\nbacking device as if it were an iso_directory_record.  That earlier\nfix was assigned CVE-2025-37780.\n\nsb_bread() on an out-of-range block returns NULL cleanly via the\nEIO path, so there is no memory-safety violation.  For in-range\nreads of adjacent-partition data on the same block device, the\nunrelated bytes end up in iso_inode_info fields that reach the NFS\nclient as dentry metadata.  The deployment surface (isofs exported\nover NFS from loop-mounted images) is narrow and requires an\nauthenticated NFS peer, but the malformed-file-handle class is\nreportable as hardening next to the existing CVE-2025-37780 fix.\n\nReject block >= ISOFS_SB(sb)->s_nzones in isofs_export_iget() so\nthe check covers both isofs_fh_to_dentry() and isofs_fh_to_parent()\ncall sites with a single line."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/isofs/export.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5e7de55602c61c8ff28db075cc49c8dd6989d7e0","lessThan":"ee0024f5a7e3c73aa253869fae9650ae054093ca","versionType":"git","status":"affected"},{"version":"63d5a3e207bf315a32c7d16de6c89753a759f95a","lessThan":"31dbb4ba0f719ae7774e4c0c95172c9bf81692f5","versionType":"git","status":"affected"},{"version":"0fdafdaef796816a9ed0fd7ac812932d569d9beb","lessThan":"908a76f0b1038035e6ebb4f2293ce079f92e0a02","versionType":"git","status":"affected"},{"version":"952e7a7e317f126d0a2b879fc531b716932d5ffa","lessThan":"bb0988ed4f2e26d59bbb58f644cb3a55b7521e21","versionType":"git","status":"affected"},{"version":"56dfffea9fd3be0b3795a9ca6401e133a8427e0b","lessThan":"0a1af74ae2177bda3aee0837a0546309aa539d0d","versionType":"git","status":"affected"},{"version":"0405d4b63d082861f4eaff9d39c78ee9dc34f845","lessThan":"afbafeddf23db13fe2edb2d5c0bf4bbb13d7881b","versionType":"git","status":"affected"},{"version":"0405d4b63d082861f4eaff9d39c78ee9dc34f845","lessThan":"4c721a1d9b3c4fcaf59cc9b2281e3ec5a043e1a6","versionType":"git","status":"affected"},{"version":"0405d4b63d082861f4eaff9d39c78ee9dc34f845","lessThan":"24376458138387fb251e782e624c7776e9826796","versionType":"git","status":"affected"},{"version":"ee01a309ebf598be1ff8174901ed6e91619f1749","versionType":"git","status":"affected"},{"version":"007124c896e7d4614ac1f6bd4dedb975c35a2a8e","versionType":"git","status":"affected"},{"version":"5.10.237","lessThan":"5.10.258","versionType":"semver","status":"affected"},{"version":"5.15.181","lessThan":"5.15.209","versionType":"semver","status":"affected"},{"version":"6.1.135","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"6.6.88","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.12.25","lessThan":"6.12.88","versionType":"semver","status":"affected"},{"version":"5.4.293","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"6.14.4","lessThan":"6.15","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/isofs/export.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.293","versionEndExcluding":"5.5","matchCriteriaId":"4D6F83CA-7E5C-4A91-9D8C-71CC85535E7D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.237","versionEndExcluding":"5.10.258","matchCriteriaId":"D8832159-E9F2-4E3A-869E-F397B4D75488"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.181","versionEndExcluding":"5.15.209","matchCriteriaId":"319819D2-533D-4AE6-8CE2-84C6808BA7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.135","versionEndExcluding":"6.1.175","matchCriteriaId":"AB26E4C3-EF6C-4A53-AD49-F12E5001AEFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.88","versionEndExcluding":"6.6.140","matchCriteriaId":"78409D7B-A51C-439C-AF2E-F5FAF6F02BDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.25","versionEndExcluding":"6.12.88","matchCriteriaId":"AAED5477-21D0-4771-AF56-C4AC881021BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.4","versionEndExcluding":"6.15","matchCriteriaId":"786E593C-5048-4AE0-9421-71BE44AB6058"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.1","versionEndExcluding":"6.18.30","matchCriteriaId":"5E3FC740-6BC4-42A2-9F5A-712E2A27869A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:-:*:*:*:*:*:*","matchCriteriaId":"A1ECC65A-EE37-4479-8E99-4BB68A22A31F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*","matchCriteriaId":"13FC0DDE-E513-465E-9E81-515702D49B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*","matchCriteriaId":"8C7B5B0E-4EEB-48F5-B4CF-0935A7633845"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*","matchCriteriaId":"2D240580-3048-49B2-9E27-F115A9DF8224"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*","matchCriteriaId":"90320558-E553-4EF5-8A0B-0F5D20113BD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc7:*:*:*:*:*:*","matchCriteriaId":"C300BA32-5854-4B59-A00A-18A402F291D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a1af74ae2177bda3aee0837a0546309aa539d0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24376458138387fb251e782e624c7776e9826796","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/31dbb4ba0f719ae7774e4c0c95172c9bf81692f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c721a1d9b3c4fcaf59cc9b2281e3ec5a043e1a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/908a76f0b1038035e6ebb4f2293ce079f92e0a02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/afbafeddf23db13fe2edb2d5c0bf4bbb13d7881b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb0988ed4f2e26d59bbb58f644cb3a55b7521e21","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee0024f5a7e3c73aa253869fae9650ae054093ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46126","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.140","lastModified":"2026-06-24T16:50:42.170","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss()\n\nSashiko points out there are two bugs here in the error unwind flow, both\nrelated to how the WQ table is unwound.\n\nFirst there is a double i-- on the first failure path due to the while loop\nhaving a i--, remove it.\n\nSecond if mana_ib_install_cq_cb() fails then mana_create_wq_obj() is not\nundone due to the above i--."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/mana/qp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c15d7802a42402a87880a17eee89ff023e49ecc0","lessThan":"8f23eb6c50f1a4bf32fc4d62cfb9fc39e8e586cf","versionType":"git","status":"affected"},{"version":"c15d7802a42402a87880a17eee89ff023e49ecc0","lessThan":"bb9cb36eaefa4dcb7c0d9f7a01e5c739abdd53a8","versionType":"git","status":"affected"},{"version":"c15d7802a42402a87880a17eee89ff023e49ecc0","lessThan":"9a05a6798177e44dfbe18393be2c1ebb89ab06fd","versionType":"git","status":"affected"},{"version":"c15d7802a42402a87880a17eee89ff023e49ecc0","lessThan":"34ecf795692ee57c393109f4a24ccc313091e137","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/mana/qp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.88","matchCriteriaId":"9CABD608-1D5A-4C0B-ACA4-A4E038DEBDA3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/34ecf795692ee57c393109f4a24ccc313091e137","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8f23eb6c50f1a4bf32fc4d62cfb9fc39e8e586cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a05a6798177e44dfbe18393be2c1ebb89ab06fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb9cb36eaefa4dcb7c0d9f7a01e5c739abdd53a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46127","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.250","lastModified":"2026-06-24T16:50:27.770","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()\n\nSashiko points out that pd->uctx isn't initialized until late in the\nfunction so all these error flow references are NULL and will crash. Use\nthe uctx that isn't NULL."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/ocrdma/ocrdma_verbs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"b610f33c5523fe26f6dd897667fff9c7a1de5905","versionType":"git","status":"affected"},{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"443c991fbc954cc9363e963c09f404b9f281f3a2","versionType":"git","status":"affected"},{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"27b6eb1f27fda9bdd5cae028e396758cdf525845","versionType":"git","status":"affected"},{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"e01a957561f663d3b68d2fd233a4502e3367efcd","versionType":"git","status":"affected"},{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"75fc130664ae324e7b2f9ad3630e0f175e9ca6c8","versionType":"git","status":"affected"},{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"8832626a483439e207734e027afff322ccdf726e","versionType":"git","status":"affected"},{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"ec44c00a4fe1327efa35083f98b39c01cb535a51","versionType":"git","status":"affected"},{"version":"fe2caefcdf5869f308c102e3d64d40683bfad711","lessThan":"34fbf48cf3b410d2a6e8c586fa952a36331ca5ba","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/ocrdma/ocrdma_verbs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.5","status":"affected"},{"version":"0","lessThan":"3.5","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.10.258","matchCriteriaId":"87228D43-E81A-4C73-9457-94467C1D5AB5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/27b6eb1f27fda9bdd5cae028e396758cdf525845","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/34fbf48cf3b410d2a6e8c586fa952a36331ca5ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/443c991fbc954cc9363e963c09f404b9f281f3a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/75fc130664ae324e7b2f9ad3630e0f175e9ca6c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8832626a483439e207734e027afff322ccdf726e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b610f33c5523fe26f6dd897667fff9c7a1de5905","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e01a957561f663d3b68d2fd233a4502e3367efcd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec44c00a4fe1327efa35083f98b39c01cb535a51","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46128","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.373","lastModified":"2026-06-24T16:50:16.717","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Check event message buffer response for bad data\n\nThe event message buffer response data size got checked later when\nprocessing, but check it right after the response comes back.  It\nappears some BMCs may return an empty message instead of an error\nwhen fetching events.\n\nThere are apparently some new BMCs that make this error, so we need to\ncompensate."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/char/ipmi/ipmi_si_intf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"cf1ef30c42a7079e5bad863cd01c52aa3a17c3ac","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"474e53d4397087913a5b9c9eb90fa068da4808bf","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"01f8387fa5b796f13cf50014c171f6da7abc46ea","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2418e4b21fb1355504d095da5d5f0a210564a43d","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"42432b579a594b66ac32e5e7b7c26e6bc578ec89","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"24269264c3d59a49eb09b10af2c75b14f2931482","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"36920f30e78e69df01f9691c470b6f3ba8aebf98","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/char/ipmi/ipmi_si_intf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.258","matchCriteriaId":"E03287AA-1109-4662-85B8-5E824B2EA646"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01f8387fa5b796f13cf50014c171f6da7abc46ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2418e4b21fb1355504d095da5d5f0a210564a43d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24269264c3d59a49eb09b10af2c75b14f2931482","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36920f30e78e69df01f9691c470b6f3ba8aebf98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/42432b579a594b66ac32e5e7b7c26e6bc578ec89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/474e53d4397087913a5b9c9eb90fa068da4808bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f7ada72c07a83b46045ddfeee526bd9e2e3c8f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf1ef30c42a7079e5bad863cd01c52aa3a17c3ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46129","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.473","lastModified":"2026-06-24T18:10:24.650","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double free in create_space_info() error path\n\nWhen kobject_init_and_add() fails, the call chain is:\n\ncreate_space_info()\n-> btrfs_sysfs_add_space_info_type()\n-> kobject_init_and_add()\n-> failure\n-> kobject_put(&space_info->kobj)\n-> space_info_release()\n-> kfree(space_info)\n\nThen control returns to create_space_info():\n\nbtrfs_sysfs_add_space_info_type() returns error\n-> goto out_free\n-> kfree(space_info)\n\nThis causes a double free.\n\nKeep the direct kfree(space_info) for the earlier failure path, but\nafter btrfs_sysfs_add_space_info_type() has called kobject_put(), let\nthe kobject release callback handle the cleanup."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/btrfs/space-info.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"20e8f2de3688082eeafeb93c8900485b7542457e","lessThan":"ae6d6e31ceb72b7697c28a528e4923c08e3c2ef5","versionType":"git","status":"affected"},{"version":"58208907c4044a764dbd8896026283905da6d9be","lessThan":"c2670ec4aa49ca226bce9776601e0da37502be07","versionType":"git","status":"affected"},{"version":"bb4fa4c0b54aae25e55faeda7f78d0c11b8cd618","lessThan":"f414b3abbba59ef379a2b3c31f2bdd9358ed5e53","versionType":"git","status":"affected"},{"version":"6cb008f1bb23e023dfe615cca5df14570dfc8da5","lessThan":"9a060970fd7b5e1c561e4ce73cb9949e4269a738","versionType":"git","status":"affected"},{"version":"a11224a016d6d1d46a4d9b6573244448a80d4d7f","lessThan":"dd6ade0fdd59218d71a981ae7c937a304e49209c","versionType":"git","status":"affected"},{"version":"a11224a016d6d1d46a4d9b6573244448a80d4d7f","lessThan":"3f487be81292702a59ea9dbc4088b3360a50e837","versionType":"git","status":"affected"},{"version":"6.1.162","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"6.6.122","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.12.67","lessThan":"6.12.88","versionType":"semver","status":"affected"},{"version":"6.18.7","lessThan":"6.18.30","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/btrfs/space-info.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.162","versionEndExcluding":"6.1.175","matchCriteriaId":"75727B5C-E260-40C6-ADB0-FE828902A5F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.122","versionEndExcluding":"6.6.140","matchCriteriaId":"511A93EB-D844-497A-8507-71BFE095FA06"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.67","versionEndExcluding":"6.12.88","matchCriteriaId":"251D1B2E-2F27-4042-84E8-B5A01A75AB74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.7","versionEndExcluding":"6.18.30","matchCriteriaId":"76CFFF82-D317-4BEA-807B-C59EA6680E3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.1","versionEndExcluding":"7.0.7","matchCriteriaId":"E4CB01CB-3218-4920-91CF-A5FFFFFF60C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*","matchCriteriaId":"35C8A871-4971-433E-A046-FC9F7B7D190A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3f487be81292702a59ea9dbc4088b3360a50e837","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a060970fd7b5e1c561e4ce73cb9949e4269a738","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae6d6e31ceb72b7697c28a528e4923c08e3c2ef5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c2670ec4aa49ca226bce9776601e0da37502be07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd6ade0fdd59218d71a981ae7c937a304e49209c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f414b3abbba59ef379a2b3c31f2bdd9358ed5e53","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46130","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.570","lastModified":"2026-06-24T17:54:07.270","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm-verity-fec: fix reading parity bytes split across blocks (take 3)\n\nfec_decode_bufs() assumes that the parity bytes of the first RS codeword\nit decodes are never split across parity blocks.\n\nThis assumption is false.  Consider v->fec->block_size == 4096 &&\nv->fec->roots == 17 && fio->nbufs == 1, for example.  In that case, each\ncall to fec_decode_bufs() consumes v->fec->roots * (fio->nbufs <<\nDM_VERITY_FEC_BUF_RS_BITS) = 272 parity bytes.\n\nConsidering that the parity data for each message block starts on a\nblock boundary, the byte alignment in the parity data will iterate\nthrough 272*i mod 4096 until the 3 parity blocks have been consumed.  On\nthe 16th call (i=15), the alignment will be 4080 bytes into the first\nblock.  Only 16 bytes remain in that block, but 17 parity bytes will be\nneeded.  The code reads out-of-bounds from the parity block buffer.\n\nFortunately this doesn't normally happen, since it can occur only for\ncertain non-default values of fec_roots *and* when the maximum number of\nbuffers couldn't be allocated due to low memory.  For example with\nblock_size=4096 only the following cases are affected:\n\n    fec_roots=17: nbufs in [1, 3, 5, 15]\n    fec_roots=19: nbufs in [1, 229]\n    fec_roots=21: nbufs in [1, 3, 5, 13, 15, 39, 65, 195]\n    fec_roots=23: nbufs in [1, 89]\n\nRegardless, fix it by refactoring how the parity blocks are read."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-verity-fec.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6df90c02bae468a3a6110bafbc659884d0c4966c","lessThan":"3d1b4e2d8ac0a1a1390a117f61ce0ca1c47e3bcb","versionType":"git","status":"affected"},{"version":"6df90c02bae468a3a6110bafbc659884d0c4966c","lessThan":"430a05cb926f6bdf53e81460a2c3a553257f3f61","versionType":"git","status":"affected"},{"version":"6bc6ee31113b05db605694491bdeb2b1730142f1","versionType":"git","status":"affected"},{"version":"12caa73a28f0ae147ec0356b45091edf2462462b","versionType":"git","status":"affected"},{"version":"fc8943886629e26de34867db302c74d465510826","versionType":"git","status":"affected"},{"version":"6.1.125","lessThan":"6.2","versionType":"semver","status":"affected"},{"version":"6.6.72","lessThan":"6.7","versionType":"semver","status":"affected"},{"version":"6.12.10","lessThan":"6.13","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-verity-fec.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.125","versionEndExcluding":"6.2","matchCriteriaId":"11083F03-2811-4C72-9E18-287C2EE4B3BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.72","versionEndExcluding":"6.7","matchCriteriaId":"0307D505-E29B-475B-99D8-D3978D39E7DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.10","versionEndExcluding":"6.13","matchCriteriaId":"1EFFAF09-76E6-408C-A76D-D9ACB7B92EAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.1","versionEndExcluding":"7.0.7","matchCriteriaId":"3305D327-0CC2-4C16-9291-5F57A56171E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*","matchCriteriaId":"5A3F9505-6B98-4269-8B81-127E55A1BF00"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*","matchCriteriaId":"5DFCDFB8-4FD0-465A-9076-D813D78FE51B"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3d1b4e2d8ac0a1a1390a117f61ce0ca1c47e3bcb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/430a05cb926f6bdf53e81460a2c3a553257f3f61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46131","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.663","lastModified":"2026-06-24T17:52:24.747","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: check for nEPT/nNPT in slow flush hypercalls\n\nChecking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa()\nis only valid if an L2 guest is running *with nested EPT/NPT enabled*.\nInstead use the same condition as translate_nested_gpa() itself."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/hyperv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"aee738236dca0d0870789138ec494e15d6303566","lessThan":"971f17f5d91045404e3914029ea57c3da90179a4","versionType":"git","status":"affected"},{"version":"aee738236dca0d0870789138ec494e15d6303566","lessThan":"45fc766bc756ff1d66f8ca026a9c4f7f764adfae","versionType":"git","status":"affected"},{"version":"aee738236dca0d0870789138ec494e15d6303566","lessThan":"d6f4e217d663ede5becc2fd6cb612c749677387b","versionType":"git","status":"affected"},{"version":"aee738236dca0d0870789138ec494e15d6303566","lessThan":"4c7f8436b19a2a3acc0cb6b6e3becd6796ae5c57","versionType":"git","status":"affected"},{"version":"aee738236dca0d0870789138ec494e15d6303566","lessThan":"464af6fc2b1dcc74005b7f58ee3812b17777efee","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/hyperv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/45fc766bc756ff1d66f8ca026a9c4f7f764adfae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/464af6fc2b1dcc74005b7f58ee3812b17777efee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c7f8436b19a2a3acc0cb6b6e3becd6796ae5c57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/971f17f5d91045404e3914029ea57c3da90179a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6f4e217d663ede5becc2fd6cb612c749677387b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46132","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.753","lastModified":"2026-06-24T17:51:37.653","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo\n\nrtnl_fill_vfinfo() declares struct ifla_vf_broadcast on the stack\nwithout initialisation:\n\n\tstruct ifla_vf_broadcast vf_broadcast;\n\nThe struct contains a single fixed 32-byte field:\n\n\t/* include/uapi/linux/if_link.h */\n\tstruct ifla_vf_broadcast {\n\t\t__u8 broadcast[32];\n\t};\n\nThe function then copies dev->broadcast into it using dev->addr_len\nas the length:\n\n\tmemcpy(vf_broadcast.broadcast, dev->broadcast, dev->addr_len);\n\nOn Ethernet devices (the overwhelming majority of SR-IOV NICs)\ndev->addr_len is 6, so only the first 6 bytes of broadcast[] are\nwritten. The remaining 26 bytes retain whatever was previously on\nthe kernel stack. The full struct is then handed to userspace via:\n\n\tnla_put(skb, IFLA_VF_BROADCAST,\n\t\tsizeof(vf_broadcast), &vf_broadcast)\n\nleaking up to 26 bytes of uninitialised kernel stack per VF per\nRTM_GETLINK request, repeatable.\n\nThe other vf_* structs in the same function are explicitly zeroed\nfor exactly this reason - see the memset() calls for ivi,\nvf_vlan_info, node_guid and port_guid a few lines above.\nvf_broadcast was simply missed when it was added.\n\nReachability: any unprivileged local process can open AF_NETLINK /\nNETLINK_ROUTE without capabilities and send RTM_GETLINK with an\nIFLA_EXT_MASK attribute carrying RTEXT_FILTER_VF. The kernel walks\neach VF and emits IFLA_VF_BROADCAST, leaking 26 bytes of stack per\nVF per request. Stack residue at this call site can include return\naddresses and transient sensitive data; KASAN with stack\ninstrumentation, or KMSAN, will flag the nla_put() when reproduced.\n\nZero the on-stack struct before the partial memcpy, matching the\nexisting pattern used for the other vf_* structs in the same\nfunction."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/rtnetlink.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"14271b401ec6a4bf0d88054106fc2956084717e1","versionType":"git","status":"affected"},{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"cccce3190ba4356432b9f22369b56123d3d89f0d","versionType":"git","status":"affected"},{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"a44fbb631cba646532f3948636626f81717365a7","versionType":"git","status":"affected"},{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"0653c0516234c8258975d268a749115fc0f0ff00","versionType":"git","status":"affected"},{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"c5b1b92ab7eff1a6e8c507ddde6fd02fabd0cfa8","versionType":"git","status":"affected"},{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"fbe0e6197225e6a83cf113a67a4b425f8de0bcd5","versionType":"git","status":"affected"},{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"38bcc21f52246badb3154b6158dcb381d98de011","versionType":"git","status":"affected"},{"version":"75345f888f700c4ab2448287e35d48c760b202e6","lessThan":"4b9e327991815e128ad3af75c3a04630a63ce3e0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/rtnetlink.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.258","matchCriteriaId":"24B3A7BD-AD4C-4029-A7C0-87FA0CB1BFEB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0653c0516234c8258975d268a749115fc0f0ff00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/14271b401ec6a4bf0d88054106fc2956084717e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/38bcc21f52246badb3154b6158dcb381d98de011","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4b9e327991815e128ad3af75c3a04630a63ce3e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a44fbb631cba646532f3948636626f81717365a7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5b1b92ab7eff1a6e8c507ddde6fd02fabd0cfa8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cccce3190ba4356432b9f22369b56123d3d89f0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fbe0e6197225e6a83cf113a67a4b425f8de0bcd5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46133","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.863","lastModified":"2026-06-24T17:50:36.997","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Reject unknown opcodes before ICRC processing\n\nEven after applying commit 7244491dab34 (\"RDMA/rxe: Validate pad and ICRC\nbefore payload_size() in rxe_rcv\"), a single unauthenticated UDP packet\ncan still trigger panic.  That patch handled payload_size() underflow only\nfor valid opcodes with short packets, not for packets carrying an unknown\nopcode.  The unknown-opcode OOB read described below predates that commit\nand reaches back to the initial Soft RoCE driver.\n\nThe check added there reads\n\n    pkt->paylen < header_size(pkt) + bth_pad(pkt) + RXE_ICRC_SIZE\n\nwhere header_size(pkt) expands to rxe_opcode[pkt->opcode].length.  The\nrxe_opcode[] array has 256 entries but is only populated for defined IB\nopcodes; any other entry (for example opcode 0xff) is zero-initialized, so\nlength == 0 and the check degenerates to\n\n    pkt->paylen < 0 + bth_pad(pkt) + RXE_ICRC_SIZE\n\nwhich does not constrain pkt->paylen enough.  rxe_icrc_hdr() then computes\n\n    rxe_opcode[pkt->opcode].length - RXE_BTH_BYTES\n\nwhich underflows when length == 0 and passes a huge value to rxe_crc32(),\ncausing an out-of-bounds read of the skb payload.\n\nReproduced on v7.0-rc7 with that fix applied, QEMU/KVM with\nCONFIG_RDMA_RXE=y and CONFIG_KASAN=y, after\n\n    rdma link add rxe0 type rxe netdev eth0\n\nA single 48-byte UDP packet to port 4791 with BTH opcode=0xff and\nQPN=IB_MULTICAST_QPN triggers:\n\n    BUG: KASAN: slab-out-of-bounds in crc32_le+0x115/0x170\n    Read of size 1 at addr ...\n    The buggy address is located 0 bytes to the right of\n     allocated 704-byte region\n    Call Trace:\n     crc32_le+0x115/0x170\n     rxe_icrc_hdr.isra.0+0x226/0x300\n     rxe_icrc_check+0x13f/0x3a0\n     rxe_rcv+0x6e1/0x16e0\n     rxe_udp_encap_recv+0x20a/0x320\n     udp_queue_rcv_one_skb+0x7ed/0x12c0\n\nSubsequent packets with the same shape fault on unmapped memory and panic\nthe kernel.  The trigger requires only module load and \"rdma link add\"; no\nQP, no connection, and no authentication.\n\nFix this by rejecting packets whose opcode has no rxe_opcode[] entry,\ndetected via the zero mask or zero length, before any length arithmetic\nruns."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/sw/rxe/rxe_recv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"318787fa7193bd79691f2ebce4e80cb6abd0faef","versionType":"git","status":"affected"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"6a79b1ea0fcb2c998fda6a793050f66146e9cc42","versionType":"git","status":"affected"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"599cfdf44c1701c581cd4a21f1e1e03f8dc3840b","versionType":"git","status":"affected"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"e3dc3a2fb05f4ed49c7f20594c4c52350d032189","versionType":"git","status":"affected"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"f8ee926431a7bbec2b10c1290664af2cb290b983","versionType":"git","status":"affected"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"006a3a5f75345c6a0dbf13fd3ee01406e93b6733","versionType":"git","status":"affected"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"6fa18025e5782afff91415fd5217b39c1e4837d7","versionType":"git","status":"affected"},{"version":"8700e3e7c4857d28ebaa824509934556da0b3e76","lessThan":"4c6f86d85d03cdb33addce86aa69aa795ca6c47a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/sw/rxe/rxe_recv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.258","matchCriteriaId":"1CA35684-7A23-48C2-8A06-2BD61F906C76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/006a3a5f75345c6a0dbf13fd3ee01406e93b6733","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/318787fa7193bd79691f2ebce4e80cb6abd0faef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c6f86d85d03cdb33addce86aa69aa795ca6c47a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/599cfdf44c1701c581cd4a21f1e1e03f8dc3840b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6a79b1ea0fcb2c998fda6a793050f66146e9cc42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6fa18025e5782afff91415fd5217b39c1e4837d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3dc3a2fb05f4ed49c7f20594c4c52350d032189","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8ee926431a7bbec2b10c1290664af2cb290b983","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46134","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:28.970","lastModified":"2026-06-24T17:49:46.630","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration\n\ncros_typec_register_thunderbolt() missed initializing the `adata->lock`\nmutex.  This leads to a NULL dereference when the mutex is later\nacquired (e.g. in cros_typec_altmode_work()).\n\nInitialize the mutex in cros_typec_register_thunderbolt() to fix the\nissue."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/platform/chrome/cros_typec_altmode.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3b00be26b16ad72c85624ada08cbae2d2c57b6e9","lessThan":"23ae72e8c2f1c1d1da8cbd479320ddcfcc9c7435","versionType":"git","status":"affected"},{"version":"3b00be26b16ad72c85624ada08cbae2d2c57b6e9","lessThan":"3b13d5883a097f538fccbab1c61c95546d29621f","versionType":"git","status":"affected"},{"version":"3b00be26b16ad72c85624ada08cbae2d2c57b6e9","lessThan":"525cb7ba6661074c1c5cc3772bccc6afab6791ef","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/platform/chrome/cros_typec_altmode.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.30","matchCriteriaId":"F0D50973-3256-404A-A82D-192369F39418"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/23ae72e8c2f1c1d1da8cbd479320ddcfcc9c7435","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3b13d5883a097f538fccbab1c61c95546d29621f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/525cb7ba6661074c1c5cc3772bccc6afab6791ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46136","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.160","lastModified":"2026-06-24T17:40:12.773","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix a potential clc buffer length underflow\n\nThe buf_len is used to limit the iterations for retrieving the country\npower setting and may underflow under certain conditions due to changes\nin the power table in CLC.\n\nThis underflow leads to an almost infinite loop or an invalid power\nsetting resulting in driver initialization failure."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7921/mcu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0c9318d49e501a5d50b02bd91a4813bde2353488","lessThan":"2a79b1a492bcfa725383b6580cd93a6862308c85","versionType":"git","status":"affected"},{"version":"15173a1697236793e9e900b82fece6f99d41b2a7","lessThan":"e451c325b000b9a0081fd93bc6d103d6943d4b55","versionType":"git","status":"affected"},{"version":"fa6ad88e023ddfa6c5dcdb466d159e89f451e305","lessThan":"90cc573fd2f46ddbc2c329e7814b5ba3deb7b939","versionType":"git","status":"affected"},{"version":"fa6ad88e023ddfa6c5dcdb466d159e89f451e305","lessThan":"0aa63d33742b805d1a218d18d12b983cce4b2f7b","versionType":"git","status":"affected"},{"version":"fa6ad88e023ddfa6c5dcdb466d159e89f451e305","lessThan":"a0111847f0b4f6023f6dd320114697514e024ba3","versionType":"git","status":"affected"},{"version":"fa6ad88e023ddfa6c5dcdb466d159e89f451e305","lessThan":"5373f8b19e568b5c217832b9bbef165bd2b2df14","versionType":"git","status":"affected"},{"version":"5c8cac512844ad593d31258e215908014381bee2","versionType":"git","status":"affected"},{"version":"6.1.75","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"6.6.14","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.7.2","lessThan":"6.8","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7921/mcu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.75","versionEndExcluding":"6.1.175","matchCriteriaId":"1AC93E83-E640-47B5-BCF9-0FFCDA274EEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.14","versionEndExcluding":"6.6.140","matchCriteriaId":"DDA38AF8-5649-49C0-B3A4-217AE5C066D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.2","versionEndExcluding":"6.12.88","matchCriteriaId":"E8C8835C-76B7-4E05-A489-5CCDC9D86FA9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0aa63d33742b805d1a218d18d12b983cce4b2f7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a79b1a492bcfa725383b6580cd93a6862308c85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5373f8b19e568b5c217832b9bbef165bd2b2df14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90cc573fd2f46ddbc2c329e7814b5ba3deb7b939","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0111847f0b4f6023f6dd320114697514e024ba3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e451c325b000b9a0081fd93bc6d103d6943d4b55","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46137","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.263","lastModified":"2026-06-24T17:32:53.823","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: ADD_ADDR rtx: fix potential data-race\n\nThis mptcp_pm_add_timer() helper is executed as a timer callback in\nsoftirq context. To avoid any data races, the socket lock needs to be\nheld with bh_lock_sock().\n\nIf the socket is in use, retry again soon after, similar to what is done\nwith the keepalive timer."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/mptcp/pm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"d9b272a85fe6b8f993e37915311e4038c814a533","versionType":"git","status":"affected"},{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"23079e0b7742ec114d3507c3e3aad01b7b69e4af","versionType":"git","status":"affected"},{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"b35605e1f1e877038c8c9d499babbc891cdd234f","versionType":"git","status":"affected"},{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"013dcdc1961543b9a3433466bc8c79a2f4ca75b5","versionType":"git","status":"affected"},{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"6e4710d7d8782cb61af29a7e7111ddfc38b9e1a3","versionType":"git","status":"affected"},{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"2ad56e434199ca24a812bb353667aa1c3860f513","versionType":"git","status":"affected"},{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"cc3c0399361efaaf7ae64262eb3f70829b1189c6","versionType":"git","status":"affected"},{"version":"00cfd77b9063dcdf3628a7087faba60de85a9cc8","lessThan":"5cd6e0ad79d2615264f63929f8b457ad97ae550d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/mptcp/pm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.259","matchCriteriaId":"08AA0DD6-B427-47BB-BBC6-8C706816E0BE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/013dcdc1961543b9a3433466bc8c79a2f4ca75b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/23079e0b7742ec114d3507c3e3aad01b7b69e4af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2ad56e434199ca24a812bb353667aa1c3860f513","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5cd6e0ad79d2615264f63929f8b457ad97ae550d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e4710d7d8782cb61af29a7e7111ddfc38b9e1a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b35605e1f1e877038c8c9d499babbc891cdd234f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc3c0399361efaaf7ae64262eb3f70829b1189c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d9b272a85fe6b8f993e37915311e4038c814a533","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46138","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.357","lastModified":"2026-06-24T17:27:56.673","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt\n\nhci_le_create_big_complete_evt() iterates over BT_BOUND connections for\na BIG handle using a while loop, accessing ev->bis_handle[i++] on each\niteration.  However, there is no check that i stays within ev->num_bis\nbefore the array access.\n\nWhen a controller sends a LE_Create_BIG_Complete event with fewer\nbis_handle entries than there are BT_BOUND connections for that BIG,\nor with num_bis=0, the loop reads beyond the valid bis_handle[] flex\narray into adjacent heap memory.  Since the out-of-bounds values\ntypically exceed HCI_CONN_HANDLE_MAX (0x0EFF), hci_conn_set_handle()\nrejects them and the connection remains in BT_BOUND state.  The same\nconnection is then found again by hci_conn_hash_lookup_big_state(),\ncreating an infinite loop with hci_dev_lock held.\n\nFix this by terminating the BIG if in case not all BIS could be setup\nproperly."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/hci_event.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a0bfde167b506423111ddb8cd71930497a40fc54","lessThan":"6cb7f67bc28da787499291a562d49a084d9c90cd","versionType":"git","status":"affected"},{"version":"a0bfde167b506423111ddb8cd71930497a40fc54","lessThan":"22559ad7654f61727fc270ee4893da9f4b70cf17","versionType":"git","status":"affected"},{"version":"a0bfde167b506423111ddb8cd71930497a40fc54","lessThan":"77981a507aa0fc001dc37f0dd6631dd2042fed17","versionType":"git","status":"affected"},{"version":"a0bfde167b506423111ddb8cd71930497a40fc54","lessThan":"665da0baaf0396f9ed3c86ccb3955dcd0b73e774","versionType":"git","status":"affected"},{"version":"a0bfde167b506423111ddb8cd71930497a40fc54","lessThan":"5ddb8014261137cadaf83ab5617a588d80a22586","versionType":"git","status":"affected"},{"version":"b475c1109251e30ec21fb574d72a1c71a4ab0039","versionType":"git","status":"affected"},{"version":"2ccde10127447c1a5caad8469fede945bdb62fdf","versionType":"git","status":"affected"},{"version":"6.4.16","lessThan":"6.5","versionType":"semver","status":"affected"},{"version":"6.5.3","lessThan":"6.6","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/hci_event.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.16","versionEndExcluding":"6.5","matchCriteriaId":"A5099559-2D15-42A5-A561-71B34FEFF36F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.3","versionEndExcluding":"6.6.140","matchCriteriaId":"1E4E7E45-40E7-41E9-84CC-CE425209B422"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/22559ad7654f61727fc270ee4893da9f4b70cf17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5ddb8014261137cadaf83ab5617a588d80a22586","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/665da0baaf0396f9ed3c86ccb3955dcd0b73e774","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6cb7f67bc28da787499291a562d49a084d9c90cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/77981a507aa0fc001dc37f0dd6631dd2042fed17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46139","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.470","lastModified":"2026-06-24T17:26:46.547","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: use kzalloc to zero-initialize security descriptor buffer\n\nCommit 62e7dd0a39c2d (\"smb: common: change the data type of num_aces\nto le16\") split struct smb_acl's __le32 num_aces field into __le16\nnum_aces and __le16 reserved. The reserved field corresponds to Sbz2\nin the MS-DTYP ACL wire format, which must be zero [1].\n\nWhen building an ACL descriptor in build_sec_desc(), we are using a\nkmalloc()'ed descriptor buffer and writing the fields explicitly using\nle16() writes now. This never writes to the 2 byte reserved field,\nleaving it as uninitialized heap data.\n\nWhen the reserved field happens to contain non-zero slab garbage,\nSamba rejects the security descriptor with \"ndr_pull_security_descriptor\nfailed: Range Error\", causing chmod to fail with EINVAL.\n\nChange kmalloc() to kzalloc() to ensure the entire buffer is\nzero-initialized.\n\n\n[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/client/cifsacl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1593ddb37bd124c131fe635397df68e854a03108","lessThan":"4c3ed344a970aad51388ac3b0145b98318f0e21f","versionType":"git","status":"affected"},{"version":"da087905e3270e2291c0afae39a28e7d183e5ec3","lessThan":"941a1e6eb35440336913afc88a82103291956d5d","versionType":"git","status":"affected"},{"version":"62e7dd0a39c2d0d7ff03274c36df971f1b3d2d0d","lessThan":"be1ef9512a3f5a755895c24f31b334342f4aa15b","versionType":"git","status":"affected"},{"version":"62e7dd0a39c2d0d7ff03274c36df971f1b3d2d0d","lessThan":"9bdb2ca31368b7671949dfb94a5d57ffccd01edd","versionType":"git","status":"affected"},{"version":"62e7dd0a39c2d0d7ff03274c36df971f1b3d2d0d","lessThan":"5e489c6c47a2ac15edbaca153b9348e42c1eacab","versionType":"git","status":"affected"},{"version":"191f2f444745087c3c51fd6042a0e25f42315ab0","versionType":"git","status":"affected"},{"version":"6.12.23","lessThan":"6.12.88","versionType":"semver","status":"affected"},{"version":"6.13.11","lessThan":"6.14","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/client/cifsacl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.23","versionEndExcluding":"6.12.88","matchCriteriaId":"1FB529E7-FAB4-45C3-84BA-2641F8232248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.11","versionEndExcluding":"6.14","matchCriteriaId":"124AE182-7E9F-4410-9E08-5976ED49C6A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.1","versionEndExcluding":"6.18.30","matchCriteriaId":"19DACE01-5621-4E56-A8BB-D35CC886C53C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*","matchCriteriaId":"7DE421BA-0600-4401-A175-73CAB6A6FB4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*","matchCriteriaId":"1759FFB7-531C-41B1-9AE1-FD3D80E0D920"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*","matchCriteriaId":"AD948719-8628-4421-A340-1066314BBD4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4c3ed344a970aad51388ac3b0145b98318f0e21f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5e489c6c47a2ac15edbaca153b9348e42c1eacab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/941a1e6eb35440336913afc88a82103291956d5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bdb2ca31368b7671949dfb94a5d57ffccd01edd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be1ef9512a3f5a755895c24f31b334342f4aa15b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46141","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.680","lastModified":"2026-06-24T17:08:28.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: fix kmemleak caused by incorrect chip_data lookup\n\nThe kmemleak reports the following memory leak:\n\nUnreferenced object 0xc0000002a7fbc640 (size 64):\n  comm \"kworker/8:1\", pid 540, jiffies 4294937872\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00  ................\n    00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00  ................\n  backtrace (crc 177d48f6):\n    __kmalloc_cache_noprof+0x520/0x730\n    xive_irq_alloc_data.constprop.0+0x40/0xe0\n    xive_irq_domain_alloc+0xd0/0x1b0\n    irq_domain_alloc_irqs_parent+0x44/0x6c\n    pseries_irq_domain_alloc+0x1cc/0x354\n    irq_domain_alloc_irqs_parent+0x44/0x6c\n    msi_domain_alloc+0xb0/0x220\n    irq_domain_alloc_irqs_locked+0x138/0x4d0\n    __irq_domain_alloc_irqs+0x8c/0xfc\n    __msi_domain_alloc_irqs+0x214/0x4d8\n    msi_domain_alloc_irqs_all_locked+0x70/0xf8\n    pci_msi_setup_msi_irqs+0x60/0x78\n    __pci_enable_msix_range+0x54c/0x98c\n    pci_alloc_irq_vectors_affinity+0x16c/0x1d4\n    nvme_pci_enable+0xac/0x9c0 [nvme]\n    nvme_probe+0x340/0x764 [nvme]\n\nThis occurs when allocating MSI-X vectors for an NVMe device. During\nallocation the XIVE code creates a struct xive_irq_data and stores it\nin irq_data->chip_data.\n\nWhen the MSI-X irqdomain is later freed, xive_irq_free_data() is\nresponsible for retrieving this structure and freeing it. However,\nafter commit cc0cc23babc9 (\"powerpc/xive: Untangle xive from child\ninterrupt controller drivers\"), xive_irq_free_data() retrieves the\nchip_data using irq_get_chip_data(), which looks up the data through\nthe child domain.\n\nThis is incorrect because the XIVE-specific irq data is associated with\nthe XIVE (parent) domain. As a result the lookup fails and the allocated\nstruct xive_irq_data is never freed, leading to the kmemleak report\nshown above.\n\nFix this by retrieving the irq_data from the correct domain using\nirq_domain_get_irq_data() and then accessing the chip_data via\nirq_data_get_irq_chip_data()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/sysdev/xive/common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cc0cc23babc979e399f34f53e4bccf702a389558","lessThan":"2546fb8c9acc8c7512ed4339ce2a982cb7407065","versionType":"git","status":"affected"},{"version":"cc0cc23babc979e399f34f53e4bccf702a389558","lessThan":"e66ed135cdf23a318e9727dca48f98f7f6142f78","versionType":"git","status":"affected"},{"version":"cc0cc23babc979e399f34f53e4bccf702a389558","lessThan":"6771c54728c278bf1e4bfdab4fddbbb186e33498","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/sysdev/xive/common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.30","matchCriteriaId":"9EB9FADE-E22F-41C2-9790-4F5564D59E62"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2546fb8c9acc8c7512ed4339ce2a982cb7407065","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6771c54728c278bf1e4bfdab4fddbbb186e33498","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e66ed135cdf23a318e9727dca48f98f7f6142f78","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46142","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.790","lastModified":"2026-06-24T17:07:50.287","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: fix VF illegal register access\n\nRegister WX_CFG_PORT_ST is a PF restricted register. When a VF is\ninitialized, attempting to read this register triggers an illegal\nregister access, which lead to a system hang.\n\nWhen the device is VF, the bus function ID can be obtained directly from\nthe PCI_FUNC(pdev->devfn)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/wangxun/libwx/wx_hw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d4187ec2641061748480cdc944fd07653fad50d5","lessThan":"d3bd8040497968f6f5470018724ef7b0df92f707","versionType":"git","status":"affected"},{"version":"f0b3ecdbb5bbee8ca6b2892aba3988c8a3ce858e","lessThan":"f6e656f7cea16b638675a2ab7d7e4cf2516c5eb0","versionType":"git","status":"affected"},{"version":"a04ea57aae375bdda1cb57034d8bcbb351e1f973","lessThan":"33c5bb50b9c40e8451e6aec4487a31d794b98d92","versionType":"git","status":"affected"},{"version":"a04ea57aae375bdda1cb57034d8bcbb351e1f973","lessThan":"68a007a701bc06fa426507c551ef12514f2e721d","versionType":"git","status":"affected"},{"version":"a04ea57aae375bdda1cb57034d8bcbb351e1f973","lessThan":"694de316f607fe2473d52ca0707e3918e72c1562","versionType":"git","status":"affected"},{"version":"93e52b75f11a8f39b22993ae315b5b9a6b2668a3","versionType":"git","status":"affected"},{"version":"6.6.117","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.12.58","lessThan":"6.12.88","versionType":"semver","status":"affected"},{"version":"6.17.8","lessThan":"6.18","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/wangxun/libwx/wx_hw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.117","versionEndExcluding":"6.6.140","matchCriteriaId":"F383A2C1-6444-4D5F-AC88-11F57C67C624"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.58","versionEndExcluding":"6.12.88","matchCriteriaId":"F903A5AC-BF29-4FC6-89A5-C37D434AC69C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17.8","versionEndExcluding":"6.18","matchCriteriaId":"57D56998-E0C3-4F58-BBF0-B20D1B4322C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.1","versionEndExcluding":"6.18.30","matchCriteriaId":"F39F06A9-4AEA-437A-A2C4-79F93464CA8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*","matchCriteriaId":"DCE57113-2223-4308-A0F2-5E6ECFBB3C23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc5:*:*:*:*:*:*","matchCriteriaId":"2545FB83-C4A6-4F62-9ED1-09F75D2E3C78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc6:*:*:*:*:*:*","matchCriteriaId":"E955EC5D-4684-4B5D-AE4D-F2BF9ADDBA1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*","matchCriteriaId":"38C4D89F-9A13-4D29-8645-C9785C142C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/33c5bb50b9c40e8451e6aec4487a31d794b98d92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68a007a701bc06fa426507c551ef12514f2e721d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/694de316f607fe2473d52ca0707e3918e72c1562","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3bd8040497968f6f5470018724ef7b0df92f707","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f6e656f7cea16b638675a2ab7d7e4cf2516c5eb0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46143","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:29.903","lastModified":"2026-06-24T17:03:51.830","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens\n\nAs prepare can be called mulitple times, this can result in multiple\ngraph opens for playback path.\n\nThis will result in a memory leaks, fix this by adding a check before\nopening."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["sound/soc/qcom/qdsp6/q6apm-lpass-dais.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f6e1138d76cc684de3b851fc5cc5dac023a3ee89","lessThan":"af9cc7c622e596455c5190e6ef53c5b40ea7a90d","versionType":"git","status":"affected"},{"version":"b377d4df8fb00f861acf1a4d48de17b74cf535aa","lessThan":"3141d8b00cad6d3331953c79060ccc3a0262311b","versionType":"git","status":"affected"},{"version":"be1fae62cf253a5b67526cee9fbc07689b97c125","lessThan":"c91b7bcc70346d07f57ef03d1b9a338324e213de","versionType":"git","status":"affected"},{"version":"be1fae62cf253a5b67526cee9fbc07689b97c125","lessThan":"7cab9f2ad51c858263da836baebad050a1bc7914","versionType":"git","status":"affected"},{"version":"be1fae62cf253a5b67526cee9fbc07689b97c125","lessThan":"b97493f0f42ab9d882a62466782e1900e481a9d6","versionType":"git","status":"affected"},{"version":"be1fae62cf253a5b67526cee9fbc07689b97c125","lessThan":"69acc488aaf39d0ddf6c3cf0e47c1873d39919a2","versionType":"git","status":"affected"},{"version":"ee211a845d122ca19dc6a65bbd88c085bee2a57c","versionType":"git","status":"affected"},{"version":"6.1.154","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"6.6.37","lessThan":"6.6.140","versionType":"semver","status":"affected"},{"version":"6.9.8","lessThan":"6.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["sound/soc/qcom/qdsp6/q6apm-lpass-dais.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.154","versionEndExcluding":"6.1.175","matchCriteriaId":"DFA3D95A-C805-4368-A693-23D1D8D8C4F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.37","versionEndExcluding":"6.6.140","matchCriteriaId":"86FB4398-4308-420D-AACB-ABAAA7D460C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.8","versionEndExcluding":"6.10","matchCriteriaId":"7CD11465-AFC4-428F-A933-C8F6486DDC2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.1","versionEndExcluding":"6.12.88","matchCriteriaId":"EC69A5EB-9622-47F0-B597-EE0C61AEE8A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*","matchCriteriaId":"9EA80796-744E-45F5-8632-2AB4F7889FCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*","matchCriteriaId":"8F3E9E0C-AC3E-4967-AF80-6483E8AB0078"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:*","matchCriteriaId":"11AF4CB9-F697-4EA4-8903-8F9417EFDA8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3141d8b00cad6d3331953c79060ccc3a0262311b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69acc488aaf39d0ddf6c3cf0e47c1873d39919a2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7cab9f2ad51c858263da836baebad050a1bc7914","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af9cc7c622e596455c5190e6ef53c5b40ea7a90d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b97493f0f42ab9d882a62466782e1900e481a9d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c91b7bcc70346d07f57ef03d1b9a338324e213de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-49322","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T08:16:19.060","lastModified":"2026-06-27T09:16:23.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display computes its response using a non-cryptographic operation rather than a cryptographic challenge-response, so the PIN is mathematically derivable from one captured exchange, defeating the motorcycle's primary user-authentication control. Specific protocol details have been withheld pending vendor remediation."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Indian Motorcycle","product":"Scout Bobber + Tech","defaultStatus":"unknown","modules":["Wireless Control Module (WCM)","Infotainment / Digital Round"],"platforms":["OEM Motorcycle"],"versions":[{"version":"2025","versionType":"model-year","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T15:01:05.171770Z","id":"CVE-2026-49322","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-294"},{"lang":"en","value":"CWE-327"},{"lang":"en","value":"CWE-1390"}]}],"references":[{"url":"https://www.asrg.io/security-advisories/cve-2026-49322-indian-scout-infotainment-wcm-weak-authentication","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49323","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T13:16:23.407","lastModified":"2026-06-27T09:16:23.577","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively observing a single seed/key exchange. The WCM derives its response using a reversible, non-cryptographic operation rather than a cryptographic challenge-response, so the persistent immobilizer secret can be reconstructed from one captured exchange. With this secret the attacker can authenticate to the ECM independently of the WCM and start the engine, defeating the immobilizer. Specific protocol details have been withheld pending vendor remediation."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Indian Motorcycle","product":"Scout Bobber + Tech","defaultStatus":"unknown","modules":["Wireless Control Module (WCM)","Engine Control Module (ECM)"],"platforms":["OEM Motorcycle"],"versions":[{"version":"2025","versionType":"model-year","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T13:31:09.706928Z","id":"CVE-2026-49323","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-327"},{"lang":"en","value":"CWE-798"},{"lang":"en","value":"CWE-1390"}]}],"references":[{"url":"https://www.asrg.io/security-advisories/cve-2026-49323-indian-scout-wcm-ecm-weak-authentication","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49324","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T13:16:23.557","lastModified":"2026-06-27T09:16:23.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the immobilizer authentication algorithm, but the lockout counter is reachable by any unauthenticated message, has no session binding, and does not reset on power cycle. An attacker can deliberately trip the lockout with a small number of crafted frames, leaving the bike un-startable until dealer service. Specific thresholds have been withheld pending vendor remediation."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Indian Motorcycle","product":"Scout Bobber + Tech","defaultStatus":"unknown","modules":["Wireless Control Module (WCM)"],"platforms":["OEM Motorcycle"],"versions":[{"version":"2025","versionType":"model-year","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T13:29:04.419365Z","id":"CVE-2026-49324","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-307"},{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://www.asrg.io/security-advisories/cve-2026-49324-indian-scout-wcm-bruteforce-lockout-dos","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49316","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:32.480","lastModified":"2026-06-27T09:16:23.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a well-known CAN error-frame injection technique against a periodic WCM transmission, the attacker drives the WCM CAN controller's transmit error counter past the bus-off threshold, after which the WCM stops transmitting all messages, including the shutdown command. Peer ECUs do not interpret WCM silence as a security event and continue normal operation, allowing the motorcycle to be operated despite the immobilizer never having been unlocked. Specific protocol details have been withheld pending vendor remediation."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Indian Motorcycle","product":"Scout Bobber + Tech","defaultStatus":"unknown","modules":["Wireless Control Module (WCM)"],"platforms":["OEM Motorcycle"],"versions":[{"version":"2025","versionType":"model-year","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T15:26:52.193932Z","id":"CVE-2026-49316","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-440"},{"lang":"en","value":"CWE-693"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/440.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49317","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:32.630","lastModified":"2026-06-27T09:16:23.210","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Indian Motorcycle","product":"Scout Bobber + Tech","defaultStatus":"unknown","modules":["Infotainment / Digital Round"],"platforms":["OEM Motorcycle"],"versions":[{"version":"2025","versionType":"model-year","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.0,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T15:26:06.725714Z","id":"CVE-2026-49317","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-636"},{"lang":"en","value":"CWE-696"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/696.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49318","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:32.780","lastModified":"2026-06-27T09:16:23.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. Specific timing and protocol details have been withheld pending vendor remediation."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Indian Motorcycle","product":"Scout Bobber + Tech","defaultStatus":"unknown","modules":["Infotainment / Digital Round"],"platforms":["OEM Motorcycle"],"versions":[{"version":"2025","versionType":"model-year","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.0,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T14:07:21.099266Z","id":"CVE-2026-49318","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-636"},{"lang":"en","value":"CWE-696"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/696.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49325","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:33.067","lastModified":"2026-06-27T09:16:23.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via a falling-edge voltage transition on a dedicated wire pair. The receiving ECU does not distinguish between an active shutdown pulse and an open-circuit / disconnected condition; interrupting the relevant wires leaves the motorcycle fully operable even though the WCM never validated the rider's PIN. Specific connector details have been withheld pending vendor remediation."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Indian Motorcycle","product":"Scout Bobber + Tech","defaultStatus":"unknown","modules":["Wireless Control Module (WCM)","Vehicle Control Module (VCM)"],"platforms":["OEM Motorcycle"],"versions":[{"version":"2025","versionType":"model-year","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-29T15:27:10.878359Z","id":"CVE-2026-49325","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-693"},{"lang":"en","value":"CWE-754"},{"lang":"en","value":"CWE-1384"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/1384.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-10517","sourceIdentifier":"secalert@redhat.com","published":"2026-06-01T09:16:16.447","lastModified":"2026-06-26T00:16:50.303","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with a URI pointing to internal services or cloud metadata endpoints. The SSRF is reflective for non-200 responses, leaking up to 256 bytes of error body content via CheckResponse error messages. Operator-managed Red Hat Quay deployments auto-configure PSK and are not exposed to the unauthenticated attack vector."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/clair-rhel8","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/clair-rhel9","cpes":["cpe:/a:redhat:quay:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T10:21:59.947029Z","id":"CVE-2026-10517","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-10517","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486779","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-10611","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-02T14:16:44.867","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge.\n\n\n\nAs a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code.\n\n\n\nThe issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-02T16:05:11.918483Z","id":"CVE-2026-10611","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/39b3cb15aac4318afdd2ab63b96c2eac12b271fe","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-10854","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-04T14:16:37.630","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially exposing private galaxy metadata such as galaxy type and description to users who should not have visibility.\n\n\n\nThe issue has been fixed by restricting galaxy queries for non-site-admin users to galaxies owned by the user’s organisation or galaxies with a non-private distribution setting. Site administrators retain visibility of all enabled galaxies."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:53:26.910812Z","id":"CVE-2026-10854","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/d3adfe1a097dd4b403364e9af34e208660eeec1a","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-10855","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-04T14:16:37.797","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the existing template. As a result, an authenticated user with access to the template import functionality could forcibly overwrite an event template owned by another organization.\n\n\n\nSuccessful exploitation could allow unauthorized modification of another organization’s event template, potentially altering template structure, attributes, or metadata used for subsequent event creation or sharing workflows. Site administrators are not affected by this restriction, as they are explicitly allowed to overwrite templates across organizations.\n\n\n\nThe issue was fixed by enforcing an ownership check before overwrite: non-site-admin users may only overwrite templates owned by their own organization."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","repo":"https://github.com/misp/misp","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:52:21.065382Z","id":"CVE-2026-10855","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/7c2200d143bef86aaf58d701b6968a843097db69","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-10856","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-04T14:16:37.947","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths beginning with a slash followed by a backslash, such as /\\example.com. Some browsers normalize backslashes in URLs as forward slashes, which can turn this into a scheme-relative external navigation target. In addition, the generated href concatenated the reconstructed URL with the original URL, increasing the possibility of unsafe or malformed link generation.\n\n\n\n\nAn attacker able to configure or influence a dashboard button URL could craft a button that appears to point inside the application but redirects users to an attacker-controlled site when clicked. This could be used for phishing, credential theft, or social engineering. The patch fixes the issue by rejecting empty paths and paths starting with /\\, and by emitting only the reconstructed validated URL in the anchor href."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:47:03.689030Z","id":"CVE-2026-10856","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/f879f16fb5db7a9aab0a70fdcafea12ce4847e9a","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-10861","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-04T14:16:38.090","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path.\n\n\n\n\nAn unauthenticated remote attacker could craft a link that causes a victim to visit a trusted MISP instance and, after successful authentication, be redirected to an attacker-controlled external URL. This could be abused to increase the credibility of phishing attacks, redirect users to counterfeit login pages, or deliver attacker-controlled content from an untrusted domain. CWE-601 describes this weakness as accepting user-controlled input that specifies an external link and using it in a redirect, with phishing as a common consequence. \n\n\n\n\nThe patch mitigates the issue by decoding and parsing the URL, rejecting URLs with a scheme, host, user component, missing or non-local path, and protocol-relative forms such as //example.com and /\\example.com."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:45:04.944521Z","id":"CVE-2026-10861","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/ae760b7bf534f2798810d59a1f961b31adb3443e","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-10860","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-04T15:16:49.433","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the expression was evaluated as ($validationError === null && POST) || DELETE, meaning a DELETE request could proceed even when the delete validation callback had rejected the operation. An authenticated attacker with access to an affected delete endpoint could abuse this flaw to delete records that should have been protected by application-level validation or authorization checks."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T17:12:22.589498Z","id":"CVE-2026-10860","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/a5877559dc88ad7a0c935910a652c130489ae2bd","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-10863","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-04T15:16:49.690","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value was processed by the underlying data access layer, this could allow manipulation of database query ordering and potentially expose the application to unsafe query construction.\n\n\n\nThe patch removes order from the set of request-controlled parameters and instead sets the ordering server-side to occurrence desc after processing allowed user parameters.\n\n\n\nAffected component:\napp/Controller/CorrelationsController.php, overCorrelations()\n\n\n\nSecurity impact:\nAn authenticated attacker could influence the ordering clause used by the over-correlations query. The direct impact appears limited to query manipulation unless further evidence confirms SQL injection or unauthorized data exposure through the manipulated ordering expression."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T15:36:04.954834Z","id":"CVE-2026-10863","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/aa094a335ba2855f8a42a1dc44398f43560fe247","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-10864","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-04T15:16:49.850","lastModified":"2026-06-22T19:23:18.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause the underlying query to fall back to returning unintended model fields.\n\n\n\nFor the New Users widget, this could allow a non-site-admin user to obtain user e-mail addresses even when user e-mail disclosure was disabled by configuration. For the New Organisations widget, crafted field selection could similarly result in unintended organisation fields being included in the dashboard response.\n\n\n\nThe issue was caused by applying field filtering and redaction in a way that could leave the selected field list empty. The patch ensures that the allowed field list is built safely, that restricted fields such as user e-mail addresses are removed before user-supplied field selection is processed, and that an empty field selection falls back only to the permitted default fields.\n\n\n\nImpact:\nAn authenticated low-privileged user with access to the affected dashboard widgets may be able to disclose restricted user or organisation metadata, including user e-mail addresses depending on configuration."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.5.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T15:16:40.025966Z","id":"CVE-2026-10864","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.39","matchCriteriaId":"F36ADE45-6CDA-466B-B002-321EA1414EB4"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/8722fda035b5b622de387ae1dd0159d71ff1e22e","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-9088","sourceIdentifier":"secalert@redhat.com","published":"2026-06-05T08:16:30.990","lastModified":"2026-06-26T08:16:26.393","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4.13-1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"versions":[{"version":"26.4-19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.13","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-operator-bundle","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6.3-3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"],"versions":[{"version":"26.6-6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Keycloak 26.6.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:26.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-05T13:10:30.927804Z","id":"CVE-2026-9088","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1220"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:25097","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30049","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30050","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9088","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480179","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-49494","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-07T13:16:20.927","lastModified":"2026-06-23T15:16:35.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Xcitium Client Security (XCS) before 13.8.2.10019 and Comodo Internet Security (CIS) through 12.3.4.8162 (fix expected by 2026 Q3) contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6 packet with a declared payload length smaller than the sum of its extension-header lengths. The unsigned 64-bit payload-length value underflows to a near-maximal integer, triggering an out-of-bounds read and oversized memcpy in the Windows kernel at DISPATCH_LEVEL, resulting in a blue screen of death even on hosts with all ports blocked."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Xcitium (formerly Comodo Security Solutions)","product":"Comodo Internet Security","defaultStatus":"unaffected","modules":["Inspect.sys"],"versions":[{"version":"0","lessThanOrEqual":"12.3.4.8162","versionType":"custom","status":"affected"}]},{"vendor":"Xcitium","product":"Xcitium Client Security (XCS)","defaultStatus":"affected","versions":[{"version":"0","lessThan":"13.8.2.10019","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-08T15:16:19.372196Z","id":"CVE-2026-49494","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"references":[{"url":"https://github.com/MalwareTech/ComoDoS","source":"disclosure@vulncheck.com"},{"url":"https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html","source":"disclosure@vulncheck.com"},{"url":"https://updates.xcitium.com/#note11312","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/xcitium-client-security-comodo-internet-security-remote-dos","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-41710","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:35.147","lastModified":"2026-06-23T21:16:57.423","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail.\n\nAffected versions:\nSpring Retry 2.0.0 through 2.0.12; 1.3.0 through 1.3.4."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Retry","defaultStatus":"unaffected","versions":[{"version":"2.0.0","lessThan":"2.0.12.1","versionType":"custom","status":"affected"},{"version":"1.3.0","lessThan":"1.3.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:43:54.447108Z","id":"CVE-2026-41710","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41710","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-41715","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:35.263","lastModified":"2026-06-23T21:16:57.520","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Reactor Netty","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"1.0.52","versionType":"custom","status":"affected"},{"version":"1.1.0","lessThan":"1.1.36","versionType":"custom","status":"affected"},{"version":"1.2.0","lessThan":"1.2.17.1","versionType":"custom","status":"affected"},{"version":"1.3.0","lessThan":"1.3.15.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:43:15.959618Z","id":"CVE-2026-41715","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41715","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-41720","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:35.377","lastModified":"2026-06-23T21:16:57.613","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password.\n\nAffected versions:\nSpring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring LDAP","defaultStatus":"unaffected","versions":[{"version":"2.4.0","lessThan":"2.4.5","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.18","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.7.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.3.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T00:00:00+00:00","id":"CVE-2026-41720","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41720","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-41839","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:35.850","lastModified":"2026-06-23T21:16:57.710","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:30:25.839375Z","id":"CVE-2026-41839","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41839","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-41840","sourceIdentifier":"security@vmware.com","published":"2026-06-09T05:16:35.967","lastModified":"2026-06-26T16:21:49.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.\nAffected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Framework","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.7.1","versionType":"custom","status":"affected"},{"version":"6.2.0","lessThan":"6.2.18.1","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.28","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.49","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:31:02.488493Z","id":"CVE-2026-41840","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.49","matchCriteriaId":"9394F974-169E-4FB0-A85B-0114477DE421"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.28","matchCriteriaId":"CE392CE7-5DA3-4DBE-B22C-27781E204B7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.18.1","matchCriteriaId":"8D4BC30C-3E08-4A62-992D-4D2274844D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7.1","matchCriteriaId":"569A2EF8-281F-4D8A-A76C-79ED67826B38"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41840","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-24349","sourceIdentifier":"productcert@siemens.com","published":"2026-06-09T10:16:42.967","lastModified":"2026-06-26T13:43:48.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information."}],"affected":[{"source":"productcert@siemens.com","affectedData":[{"vendor":"Siemens","product":"SIMATIC WinCC Unified PC Runtime V16","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Unified PC Runtime V17","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Unified PC Runtime V18","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Unified PC Runtime V19","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Unified PC Runtime V20","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC WinCC Unified PC Runtime V21","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V21 Update 2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T12:54:10.341457Z","id":"CVE-2026-24349","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-313"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:*:*:*:*:*:*:*:*","versionStartIncluding":"16","versionEndIncluding":"20","matchCriteriaId":"CEF729E0-97B1-411A-B389-380D66DFA90D"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:21:-:*:*:*:*:*:*","matchCriteriaId":"D4F8BBA0-A5EB-4B5D-AAA5-8BD4DAC9E892"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_wincc_unified_pc_runtime:21:update1:*:*:*:*:*:*","matchCriteriaId":"1CD85751-05B5-43B0-A5B5-624955D62190"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-063511.html","source":"productcert@siemens.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52902","sourceIdentifier":"secalert@redhat.com","published":"2026-06-09T10:16:44.830","lastModified":"2026-06-25T23:17:03.493","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using \"awx --conf.format yaml import\". This is a client-side vulnerability requiring user interaction."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-24/ee-supported-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-24/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-24/platform-resource-runner-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-25/ee-supported-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-25/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-25/platform-resource-runner-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/platform-resource-runner-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/ee-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/platform-resource-runner-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-controller-cli","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T16:07:06.188811Z","id":"CVE-2026-52902","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-52902","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486729","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-10523","sourceIdentifier":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","published":"2026-06-09T16:16:35.837","lastModified":"2026-06-22T20:07:04.253","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access"}],"affected":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","affectedData":[{"vendor":"ivanti","product":"Sentry","defaultStatus":"affected","versions":[{"version":"R10.5.2","status":"unaffected"},{"version":"R10.6.2","status":"unaffected"},{"version":"R10.7.1","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T00:00:00+00:00","id":"CVE-2026-10523","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:standalone_sentry:*:*:*:*:*:*:*:*","versionEndExcluding":"10.5.2","matchCriteriaId":"C33107C3-2CB4-495C-ACB2-F1440ADAA2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:standalone_sentry:*:*:*:*:*:*:*:*","versionStartIncluding":"10.6.0","versionEndExcluding":"10.6.2","matchCriteriaId":"F5579D89-84ED-45BA-922F-B84DC5E3EE93"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:standalone_sentry:10.7.0:*:*:*:*:*:*:*","matchCriteriaId":"7F16798C-197D-4CED-BCD1-9C93A28D29D2"}]}]}],"references":[{"url":"https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US","source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8045","sourceIdentifier":"cybersecurity@se.com","published":"2026-06-09T16:16:44.453","lastModified":"2026-06-23T15:04:05.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"EcoStruxure™ IT Data Center Expert","defaultStatus":"unaffected","versions":[{"version":"v9.1.1 and Prior","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T16:01:04.840915Z","id":"CVE-2026-8045","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*","versionEndExcluding":"9.1.2","matchCriteriaId":"69B7963D-BD46-4408-8119-F1DB84FB0624"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-01.pdf","source":"cybersecurity@se.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45476","sourceIdentifier":"secure@microsoft.com","published":"2026-06-09T17:17:22.140","lastModified":"2026-06-23T17:08:38.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Linux kernel - Microsoft MANA Network Driver","versions":[{"version":"1.0.0","lessThan":"7.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T03:57:37.665620Z","id":"CVE-2026-45476","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_network_adapter:-:*:*:*:*:linux_kernel:*:*","matchCriteriaId":"CF68C688-8E49-4B11-8D52-EE97EA4030B5"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45476","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41701","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:51.107","lastModified":"2026-06-23T21:16:57.323","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter.\n\nAffected versions:\nSpring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring AMQP","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.3.1","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.10.1","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.16","versionType":"custom","status":"affected"},{"version":"2.4.0","lessThan":"2.4.18","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T13:04:42.963494Z","id":"CVE-2026-41701","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-330"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41701","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-50637","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-10T19:16:37.263","lastModified":"2026-06-24T14:43:50.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections.\n\nThe statsd protocol (and extensions) allow mutiple metrics, separated by newlines, to be sent per packet.\n\nThe send method does not validate the contents of the metric names or values. If the names have newlines and statsd control characters (colon, pipe) then metric injections are possible.\n\nVersion 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"PEVANS","product":"Metrics::Any::Adapter::Statsd","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Metrics-Any-Adapter-Statsd","programRoutines":[{"name":"Metrics::Any::Adapter::Statsd::_make"},{"name":"Metrics::Any::Adapter::Statsd::send"}],"versions":[{"version":"0","lessThan":"0.04","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T19:09:57.520776Z","id":"CVE-2026-50637","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-150"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pevans:metrics\\:\\:any\\:\\:adapter\\:\\:statsd:*:*:*:*:*:perl:*:*","versionEndExcluding":"0.04","matchCriteriaId":"51318A40-45D0-4486-BAE7-835C8E5589FF"}]}]}],"references":[{"url":"https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46719","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46720","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46739","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-50638","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-50639","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-50638","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-10T19:16:37.380","lastModified":"2026-06-24T14:43:55.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections.\n\nThe statsd protocol (and extensions such as dogstatsd) allow mutiple metrics, separated by newlines, to be sent per packet.\n\nMetrics::Any::Adapter::DogStatsd which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability.\n\nIn addition, the _tags function does not check tags for newlines or statsd control characters. The tags can be used for metric injections."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"PEVANS","product":"Metrics::Any::Adapter::DogStatsd","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Metrics-Any-Adapter-Statsd","programRoutines":[{"name":"Metrics::Any::Adapter::DogStatsd::_tags"}],"versions":[{"version":"0","lessThan":"0.04","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T19:10:59.333211Z","id":"CVE-2026-50638","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-150"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pevans:metrics\\:\\:any\\:\\:adapter\\:\\:dogstatsd:*:*:*:*:*:perl:*:*","versionEndExcluding":"0.04","matchCriteriaId":"F8CCD1A4-A8AF-49EC-8C9A-87BBD2168881"}]}]}],"references":[{"url":"https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-50637","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-50639","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-9270","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-50639","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-10T19:16:37.483","lastModified":"2026-06-23T15:45:15.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections.\n\nThe statsd protocol (and extensions such as dogstatsd) allow mutiple metrics, separated by newlines, to be sent per packet.\n\nMetrics::Any::Adapter::SignalFx which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability.\n\nIn addition, the _labels function does not check tags labels newlines or statsd control characters. The labels can be used for metric injections."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"PEVANS","product":"Metrics::Any::Adapter::SignalFx","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Metrics-Any-Adapter-Statsd","programRoutines":[{"name":"Metrics::Any::Adapter::SignalFx:_labels"},{"name":"Metrics::Any::Adapter::SignalFx::send"}],"versions":[{"version":"0","lessThan":"0.04","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T19:38:09.757142Z","id":"CVE-2026-50639","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-150"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pevans:metrics\\:\\:any\\:\\:adapter\\:\\:signalfx:*:*:*:*:*:perl:*:*","versionEndExcluding":"0.04","matchCriteriaId":"B2108359-7D8A-484B-999E-C7D6130D41B9"}]}]}],"references":[{"url":"https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-50637","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-50638","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-9270","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-40985","sourceIdentifier":"security@vmware.com","published":"2026-06-11T05:16:33.757","lastModified":"2026-06-23T20:16:47.353","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions.\n\nAffected versions:\nSpring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Flow","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.0.1","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.1.1","versionType":"custom","status":"affected"},{"version":"2.5.0","lessThan":"2.5.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:47:01.292975Z","id":"CVE-2026-40985","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40985","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40986","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:26.920","lastModified":"2026-06-23T21:16:56.263","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not \"text/html\", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker.\n\nAffected versions:\nSpring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Flow","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.0.1","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"3.0.1.1","versionType":"custom","status":"affected"},{"version":"2.5.0","lessThan":"2.5.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:46:39.516114Z","id":"CVE-2026-40986","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40986","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40987","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.053","lastModified":"2026-06-23T21:16:56.367","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content.\n\nAffected versions:\nSpring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 5.5.20."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Integration","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.0.4.1","versionType":"custom","status":"affected"},{"version":"6.5.0","lessThan":"6.5.8.1","versionType":"custom","status":"affected"},{"version":"6.4.0","lessThan":"6.4.12","versionType":"custom","status":"affected"},{"version":"6.3.0","lessThan":"6.3.15","versionType":"custom","status":"affected"},{"version":"5.5.0","lessThan":"5.5.21","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:46:16.495655Z","id":"CVE-2026-40987","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40987","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40992","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.177","lastModified":"2026-06-23T21:16:56.460","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected.\n\nAffected versions:\nSpring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Boot","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.6.1","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.14.1","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:45:53.521120Z","id":"CVE-2026-40992","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40992","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40994","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.297","lastModified":"2026-06-23T21:16:56.550","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level checks.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Services","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.3.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.19","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:45:31.963179Z","id":"CVE-2026-40994","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40994","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40995","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.430","lastModified":"2026-06-23T21:16:56.647","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, or credentials-expired accounts).\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Services","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.3.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.19","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:45:07.868437Z","id":"CVE-2026-40995","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40995","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40996","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.550","lastModified":"2026-06-23T21:16:56.743","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Services","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.3.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.19","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:44:42.180161Z","id":"CVE-2026-40996","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40996","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40997","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.663","lastModified":"2026-06-23T21:16:56.843","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote attackers in distinguishing valid accounts from invalid ones and inferring lifecycle state.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Services","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.3.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.19","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T12:44:15.490096Z","id":"CVE-2026-40997","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40997","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40998","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.787","lastModified":"2026-06-23T21:16:56.940","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted XML payloads could therefore be exposed to XML External Entity (XXE) style attacks.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Services","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.3.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.19","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T14:53:30.481043Z","id":"CVE-2026-40998","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40998","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-40999","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:27.907","lastModified":"2026-06-23T21:16:57.033","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Services","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.3.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.19","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T15:06:46.401478Z","id":"CVE-2026-40999","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40999","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-41000","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:28.037","lastModified":"2026-06-23T21:16:57.133","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be ineffective even when operators configured a replay cache on the interceptor.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Web Services","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.3.1","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.19","versionType":"custom","status":"affected"},{"version":"3.1.0","lessThan":"3.1.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T15:13:14.068411Z","id":"CVE-2026-41000","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41000","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-41001","sourceIdentifier":"security@vmware.com","published":"2026-06-11T07:16:28.163","lastModified":"2026-06-23T21:16:57.227","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts.\n\nAffected versions:\nSpring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Boot","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.6.1","versionType":"custom","status":"affected"},{"version":"3.5.0","lessThan":"3.5.14.1","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.17","versionType":"custom","status":"affected"},{"version":"3.3.0","lessThan":"3.3.20","versionType":"custom","status":"affected"},{"version":"2.7.0","lessThan":"2.7.34","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T15:13:26.759251Z","id":"CVE-2026-41001","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-377"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41001","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-45176","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T19:16:41.757","lastModified":"2026-06-22T20:27:24.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Idira Endpoint Privilege Manager","defaultStatus":"unaffected","platforms":["Windows","macOS","Linux"],"versions":[{"version":"26.0","lessThan":"26.5","versionType":"custom","status":"affected","changes":[{"at":"26.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T00:00:00+00:00","id":"CVE-2026-45176","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_endpoint_privilege_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5.0","matchCriteriaId":"175B75C1-F448-40CC-812A-1749647B6121"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-45177","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T19:16:41.903","lastModified":"2026-06-22T18:06:25.357","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Conjur Cloud (Edge Finding only)","defaultStatus":"unaffected","platforms":["Idira Secrets Manager Saas - Edge"],"versions":[{"version":"1.0","lessThan":"1.8","versionType":"custom","status":"affected","changes":[{"at":"1.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T19:03:15.620128Z","id":"CVE-2026-45177","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_secrets_manager_edge:*:*:*:*:saas:*:*:*","versionEndExcluding":"1.8","matchCriteriaId":"9DC2958E-67FA-435D-BE15-557393CC1519"}]}]}],"references":[{"url":"https://docs.cyberark.com/secrets-manager-saas/latest/en/content/conjurcloud/whatsnew.htm#May132026","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-45178","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T19:16:42.040","lastModified":"2026-06-22T18:20:14.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Conjur Enterprise","defaultStatus":"unaffected","platforms":["Idira Secrets Manager"],"versions":[{"version":"13.0","lessThan":"13.8.1","versionType":"custom","status":"affected","changes":[{"at":"13.8.1","status":"unaffected"}]}]},{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Conjur Enterprise","defaultStatus":"unaffected","platforms":["Central Credential Provider (CCP)"],"versions":[{"version":"14.0","lessThan":"14.2.6","versionType":"custom","status":"affected","changes":[{"at":"14.2.6","status":"unaffected"}]}]},{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Conjur Enterprise","defaultStatus":"unaffected","platforms":["z/OS Credential Provider"],"versions":[{"version":"14.0","lessThan":"14.2.6","versionType":"custom","status":"affected","changes":[{"at":"14.2.6","status":"unaffected"}]}]},{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Conjur Enterprise","defaultStatus":"unaffected","platforms":["Credential Provider (CP)"],"versions":[{"version":"14.0","lessThan":"14.2.6","versionType":"custom","status":"affected","changes":[{"at":"14.2.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T19:04:30.637534Z","id":"CVE-2026-45178","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_secrets_manager:*:*:*:*:self-hosted:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.8.1","matchCriteriaId":"8A016243-90DE-43D3-A916-CCC7A1F513D5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_secrets_manager_credential_providers:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.2.6","matchCriteriaId":"0DC6AD15-0F4E-4D56-935B-DDC89471F7F6"}]}]}],"references":[{"url":"https://docs.cyberark.com/credential-providers/latest/en/content/landingpages/cp-wn-rn-14.2.6.htm?tocpath=Get%20Started%7CRelease%20notes%7C_____1","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/secrets-manager-sh/13.9/en/content/enterprise/releasenotes/release-notes-13.8.1.htm?tocpath=Get%20started%7CRelease%20Notes%7C_____3","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-45175","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T20:16:22.653","lastModified":"2026-06-22T20:28:01.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Idira Endpoint Privilege Manager","defaultStatus":"unaffected","platforms":["Windows","macOS","Linux"],"versions":[{"version":"26.0","lessThan":"26.5","versionType":"custom","status":"affected","changes":[{"at":"26.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T00:00:00+00:00","id":"CVE-2026-45175","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_endpoint_privilege_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5.0","matchCriteriaId":"175B75C1-F448-40CC-812A-1749647B6121"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650control","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-12008","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:53.243","lastModified":"2026-06-23T20:02:27.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-12008","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/516942828","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12012","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:53.700","lastModified":"2026-06-23T20:02:22.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-12012","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/499182801","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12014","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:53.933","lastModified":"2026-06-23T20:02:32.137","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-12014","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/514742747","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12015","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:54.047","lastModified":"2026-06-23T20:02:19.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T00:50:45.437801Z","id":"CVE-2026-12015","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/515463295","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12016","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:54.157","lastModified":"2026-06-23T20:02:07.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-12016","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/516482138","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12017","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:54.270","lastModified":"2026-06-23T20:01:31.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T01:36:59.433945Z","id":"CVE-2026-12017","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/516797143","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12018","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:54.373","lastModified":"2026-06-23T20:01:47.943","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T00:00:00+00:00","id":"CVE-2026-12018","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/516808201","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12024","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:54.930","lastModified":"2026-06-23T20:02:38.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T13:58:54.224562Z","id":"CVE-2026-12024","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517086161","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12027","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-11T22:16:55.253","lastModified":"2026-06-23T20:02:35.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.115","lessThan":"149.0.7827.115","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T13:56:11.565820Z","id":"CVE-2026-12027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-250"},{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.115","matchCriteriaId":"AB1255CD-23EB-44CC-82A6-D409C6698272"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517517155","source":"chrome-cve-admin@google.com","tags":["Issue Tracking","Permissions Required"]}]}},{"cve":{"id":"CVE-2026-45171","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T22:16:57.140","lastModified":"2026-06-23T14:06:36.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-18"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Privileged Session Manager, Vault","defaultStatus":"unaffected","versions":[{"version":"14.0","lessThan":"14.0.5","versionType":"custom","status":"affected","changes":[{"at":"14.0.5","status":"unaffected"}]},{"version":"14.2","lessThan":"14.2.5","versionType":"custom","status":"affected","changes":[{"at":"14.2.5","status":"unaffected"}]},{"version":"14.6","lessThan":"14.6.3","versionType":"custom","status":"affected","changes":[{"at":"14.6.3","status":"unaffected"}]},{"version":"15.0","lessThan":"15.0.3","versionType":"custom","status":"affected","changes":[{"at":"15.0.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Amber","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T00:00:00+00:00","id":"CVE-2026-45171","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.5","matchCriteriaId":"EC340C24-8BA9-4FB6-82AA-F4A9BE932842"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.2","versionEndExcluding":"14.2.5","matchCriteriaId":"B2F5966E-C9A9-4649-95B3-AA3673BC9453"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.6","versionEndExcluding":"14.6.3","matchCriteriaId":"E037B3A2-1388-4CA3-B1AD-C9527538BED6"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.0.3","matchCriteriaId":"9745D2FD-B839-4F2A-A93F-9BB4A3119B5B"}]}]}],"references":[{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-5.htm","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-5.htm","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-psm.htm#14.6.3","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-psm.htm#15.0.3","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-45172","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T22:16:57.320","lastModified":"2026-06-23T14:11:13.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"PAM Self-Hosted, Privilege Cloud","defaultStatus":"unaffected","versions":[{"version":"14.0","lessThan":"14.0.6","versionType":"custom","status":"affected","changes":[{"at":"14.0.6","status":"unaffected"}]},{"version":"14.2","lessThan":"14.2.5","versionType":"custom","status":"affected","changes":[{"at":"14.2.5","status":"unaffected"}]},{"version":"14.6","lessThan":"14.6.3","versionType":"custom","status":"affected","changes":[{"at":"14.6.3","status":"unaffected"}]},{"version":"15.0","lessThan":"15.0.2","versionType":"custom","status":"affected","changes":[{"at":"15.0.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T00:00:00+00:00","id":"CVE-2026-45172","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager_for_ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.6","matchCriteriaId":"88EB6690-9262-42DF-83E5-A6F615F99FAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager_for_ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"14.2","versionEndExcluding":"14.2.5","matchCriteriaId":"961D45A6-523C-41AC-BB12-BE35D5B47B46"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager_for_ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"14.6","versionEndExcluding":"14.6.3","matchCriteriaId":"BDD34D8B-4358-4C0A-BE93-56B73B8B6158"},{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privileged_session_manager_for_ssh:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.0.2","matchCriteriaId":"53582039-FCAD-45D3-B6B9-505BAE26B6CB"}]}]}],"references":[{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-6.htm","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-5.htm","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-psmp.htm#14.6.3","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]},{"url":"https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-psmp.htm#15.0.2","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-45173","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T22:16:57.470","lastModified":"2026-06-22T18:34:58.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Identity Browser Extensions","defaultStatus":"unaffected","platforms":["Firefox","Chrome","Edge"],"versions":[{"version":"26.0.0","lessThan":"26.8.1","versionType":"custom","status":"affected","changes":[{"at":"26.8.1","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T13:40:10.517506Z","id":"CVE-2026-45173","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_identity_browser_extension:*:*:*:*:*:-:*:*","versionStartIncluding":"26.0.0","versionEndExcluding":"26.8.1","matchCriteriaId":"1622D6A4-A3E1-4614-89FC-7F1E447DEDC4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*","matchCriteriaId":"39B565E1-C2F1-44FC-A517-E3130332B17C"},{"vulnerable":false,"criteria":"cpe:2.3:a:microsoft:edge_chromium:-:*:*:*:*:*:*:*","matchCriteriaId":"173E41C2-EF19-44E1-B452-43AAA49BCB00"},{"vulnerable":false,"criteria":"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*","matchCriteriaId":"97D4FFCF-5309-43B6-9FD5-680C6D535A7F"}]}]}],"references":[{"url":"https://docs.cyberark.com/find-identity-administration-docs/latest/en/content/getstarted/identity-new-doc-location.htm","source":"psirt@paloaltonetworks.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-45174","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-11T22:16:57.613","lastModified":"2026-06-22T20:28:49.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Idira Endpoint Privilege Manager","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"26.0","lessThan":"26.5","versionType":"custom","status":"affected","changes":[{"at":"26.5","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T00:00:00+00:00","id":"CVE-2026-45174","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_endpoint_privilege_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"26.5.0","matchCriteriaId":"175B75C1-F448-40CC-812A-1749647B6121"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]}],"references":[{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650","source":"psirt@paloaltonetworks.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-11933","sourceIdentifier":"cna@mongodb.com","published":"2026-06-12T02:16:38.527","lastModified":"2026-06-22T14:38:54.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript (for example, via $where or $function) can cause the server to access memory that has already been freed. This may result in disclosure of information from the mongod process memory or a denial of service through a server crash."}],"affected":[{"source":"cna@mongodb.com","affectedData":[{"vendor":"MongoDB","product":"MongoDB","defaultStatus":"unaffected","versions":[{"version":"8.3.0","lessThanOrEqual":"8.3.3","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThanOrEqual":"8.2.10","versionType":"semver","status":"affected"},{"version":"8.0.0","lessThanOrEqual":"8.0.25","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.36","versionType":"semver","status":"affected"},{"version":"6.0","lessThanOrEqual":"6.0.28","versionType":"semver","status":"affected"},{"version":"5.0","lessThanOrEqual":"5.0.33","versionType":"semver","status":"affected"},{"version":"4.4.0","lessThanOrEqual":"4.4.30","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T00:00:00+00:00","id":"CVE-2026-11933","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.31","matchCriteriaId":"F38E2E03-CA79-4842-9DB5-60299BF7CE76"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.34","matchCriteriaId":"34DD8C78-0DDD-4F96-96D3-634C7752FFBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.29","matchCriteriaId":"915EB558-80D6-45C5-BD03-0168072245B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.37","matchCriteriaId":"459EE2B4-5693-4935-9F13-8CB7E944257C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.26","matchCriteriaId":"C79AA298-3E8D-45B8-AC82-1156CE5B4CAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.11","matchCriteriaId":"24E1D0AF-248A-498E-8537-A5DAF1DE61F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","versionStartIncluding":"8.3.0","versionEndExcluding":"8.3.4","matchCriteriaId":"E291482C-8868-434B-87AC-2125D2375F05"}]}]}],"references":[{"url":"https://jira.mongodb.org/browse/SERVER-128125","source":"cna@mongodb.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45170","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-12T02:16:42.233","lastModified":"2026-06-23T20:16:47.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17"}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Vendor PAM","defaultStatus":"unaffected","versions":[{"version":"1.1.0","lessThan":"1.1.100504","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T13:36:10.801161Z","id":"CVE-2026-45170","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:idira_privilege_cloud_connector:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.100504","matchCriteriaId":"D1BE7340-5BC2-47E3-9C7F-2016954C0954"}]}]}],"references":[{"url":"https://docs.cyberark.com/","source":"psirt@paloaltonetworks.com","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-48613","sourceIdentifier":"support@hackerone.com","published":"2026-06-12T04:17:11.327","lastModified":"2026-06-23T05:17:04.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"phpBB","product":"phpBB","defaultStatus":"unaffected","versions":[{"version":"3.3.8","lessThanOrEqual":"3.3.16","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-48613","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.phpbb.com/community/viewtopic.php?t=2672170","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-53407","sourceIdentifier":"security@zoom.us","published":"2026-06-12T19:16:29.973","lastModified":"2026-06-26T20:52:40.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access."}],"affected":[{"source":"security@zoom.us","affectedData":[{"vendor":"Zoom Communications","product":"Zoom Workplace","defaultStatus":"unaffected","platforms":["Android","iOS"],"versions":[{"version":"0","lessThan":"7.0.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T00:00:00+00:00","id":"CVE-2026-53407","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zoom.us","type":"Secondary","description":[{"lang":"en","value":"CWE-939"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"7.0.3","matchCriteriaId":"849B9B0E-375F-49EC-86DD-3C8E6C505C71"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*","versionEndExcluding":"7.0.4","matchCriteriaId":"7F76A339-7CE1-4BAD-A4CB-DCC5217BD77B"}]}]}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26010","source":"security@zoom.us","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12218","sourceIdentifier":"cna@vuldb.com","published":"2026-06-15T06:16:22.673","lastModified":"2026-06-27T06:16:30.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Yealink","product":"SIP-T46U","cpes":["cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*"],"modules":["Web FastCGI Service"],"versions":[{"version":"108.87.50.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:C/I:C/A:C","baseScore":7.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":5.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T10:32:54.702711Z","id":"CVE-2026-12218","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"http://cdn2.v50to.cc/T46U/T46U_beforewifitest_stack_overflow.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12218","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/834193","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370861","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370861/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12219","sourceIdentifier":"cna@vuldb.com","published":"2026-06-15T06:16:23.953","lastModified":"2026-06-27T06:16:31.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 108.87.0.23 is sufficient to resolve this issue. It is advisable to upgrade the affected component."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Yealink","product":"SIP-T46U","cpes":["cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*"],"modules":["Web FastCGI Service"],"versions":[{"version":"108.86.0.118","status":"affected"},{"version":"108.87.0.23","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T21:55:48.720036Z","id":"CVE-2026-12219","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"http://cdn2.v50to.cc/T46U/T46U_mod_diagnose_CommandShellByType_iperf_time_cmd_injection.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12219","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/834204","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370862","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370862/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12220","sourceIdentifier":"cna@vuldb.com","published":"2026-06-15T06:16:24.113","lastModified":"2026-06-27T06:16:31.133","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and is working on a patch to fix it."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Yealink","product":"SIP-T46U","cpes":["cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*"],"modules":["Firmware Chunk Upload handler"],"versions":[{"version":"108.86.0.118","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:C/I:C/A:C","baseScore":7.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":5.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T15:52:49.971836Z","id":"CVE-2026-12220","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"http://cdn2.v50to.cc/T46U/T46U_mod_upgrade_SparePartsUpload_stack_overflow.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12220","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/834205","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370863","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370863/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12221","sourceIdentifier":"cna@vuldb.com","published":"2026-06-15T06:16:24.263","lastModified":"2026-06-27T06:16:31.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and is working on a patch to fix it."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Yealink","product":"SIP-T46U","cpes":["cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*"],"modules":["Firmware Chunk Upload Handler"],"versions":[{"version":"108.86.0.118","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:C/I:C/A:C","baseScore":7.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":5.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T12:50:29.215688Z","id":"CVE-2026-12221","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"http://cdn2.v50to.cc/T46U/T46U_mod_upgrade_Upgrade_chunk_stack_overflow.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12221","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/834207","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370864","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370864/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12222","sourceIdentifier":"cna@vuldb.com","published":"2026-06-15T06:16:24.413","lastModified":"2026-06-27T06:16:31.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs to be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure and is working on a patch to fix it."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Yealink","product":"SIP-T46U","cpes":["cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*"],"modules":["Web FastCGI Service"],"versions":[{"version":"108.86.0.118","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:C/I:C/A:C","baseScore":7.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":5.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T13:11:11.186975Z","id":"CVE-2026-12222","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"http://cdn2.v50to.cc/T46U/T46U_mod_webd_BlueToothTest_off_by_one.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12222","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/834602","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370865","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370865/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12223","sourceIdentifier":"cna@vuldb.com","published":"2026-06-15T06:16:24.567","lastModified":"2026-06-27T06:16:31.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack needs to be initiated within the local network. The exploit is publicly available and might be used. Upgrading to version 108.87.0.23 addresses this issue. Upgrading the affected component is recommended. The vendor explains: \"It has been fixed (...) for our technical support branch. However, please note that this specific support branch firmware is not publicly released yet.\""}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Yealink","product":"SIP-T46U","cpes":["cpe:2.3:a:yealink:sip-t46u:*:*:*:*:*:*:*:*"],"modules":["Web FastCGI Service"],"versions":[{"version":"108.86.0.118","status":"affected"},{"version":"108.87.0.23","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:P/I:P/A:P","baseScore":5.2,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":5.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-15T10:28:55.669324Z","id":"CVE-2026-12223","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"http://cdn2.v50to.cc/T46U/T46U_mod_webd_TFTPUploadIperf_system_exec.zip","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12223","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/834603","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370866","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/370866/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-47825","sourceIdentifier":"security@vmware.com","published":"2026-06-15T21:17:13.650","lastModified":"2026-06-23T21:17:01.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.\n\nAffected versions:\nSpring Cloud Gateway 3.1.x (fix 3.1.13).\nSpring Cloud Gateway 4.1.x (fix 4.1.13).\nSpring Cloud Gateway 4.2.x (fix 4.2.9).\nSpring Cloud Gateway 4.3.x (fix 4.3.5).\nSpring Cloud Gateway 5.0.x (fix 5.0.2)."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Cloud Gateway","defaultStatus":"unaffected","versions":[{"version":"3.1.0","lessThan":"3.1.13","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.13","versionType":"custom","status":"affected"},{"version":"4.2.0","lessThan":"4.2.9","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.4.1","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.0.1.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T14:15:33.149410Z","id":"CVE-2026-47825","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://spring.io/security/cve-2026-47825","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-48708","sourceIdentifier":"security-advisories@github.com","published":"2026-06-15T21:17:15.570","lastModified":"2026-06-24T17:17:01.410","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl.Parse(source) followed by t.Execute() on this shared instance with no synchronization. When two or more actions execute concurrently (which is the normal case — each ExecRequest spawns a goroutine), a race condition occurs: one goroutine's Parse overwrites the template tree while another goroutine is calling Execute, causing cross-user command contamination, Go runtime panic, and incorrect command execution. This issue has been resolved in version 3000.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OliveTin","product":"OliveTin","versions":[{"version":"< 3000.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T13:39:02.335653Z","id":"CVE-2026-48708","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-567"}]}],"references":[{"url":"https://github.com/OliveTin/OliveTin/commit/d74da9314005954dd49fa20dabf272247bc76519","source":"security-advisories@github.com"},{"url":"https://github.com/OliveTin/OliveTin/releases/tag/3000.13.0","source":"security-advisories@github.com"},{"url":"https://github.com/OliveTin/OliveTin/security/advisories/GHSA-7fq5-7wr8-rjwj","source":"security-advisories@github.com"},{"url":"https://github.com/OliveTin/OliveTin/security/advisories/GHSA-7fq5-7wr8-rjwj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48709","sourceIdentifier":"security-advisories@github.com","published":"2026-06-15T21:17:15.720","lastModified":"2026-06-24T17:17:01.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not call auth.UserFromApiCall or checkDashboardAccess. When AuthRequireGuestsToLogin is enabled (the security-conscious configuration), this endpoint remains accessible to unauthenticated users and can be used as an oracle to enumerate valid action binding IDs and their argument configurations. This issue has been fixed in version 3000.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OliveTin","product":"OliveTin","versions":[{"version":"< 3000.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T15:45:30.099199Z","id":"CVE-2026-48709","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/OliveTin/OliveTin/commit/a3865704c854061452a4ab5f6d95de3312698ccd","source":"security-advisories@github.com"},{"url":"https://github.com/OliveTin/OliveTin/releases/tag/3000.13.0","source":"security-advisories@github.com"},{"url":"https://github.com/OliveTin/OliveTin/security/advisories/GHSA-f637-w7p2-m7fx","source":"security-advisories@github.com"},{"url":"https://github.com/OliveTin/OliveTin/security/advisories/GHSA-f637-w7p2-m7fx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-10640","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-16T15:16:34.317","lastModified":"2026-06-26T20:50:24.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. On the success path the network stack owns and releases the packet's reference (the L2/driver send unrefs it, e.g. ethernet_send - net_pkt_unref), so for a freshly allocated packet with refcount 1 the net_pkt slab block can be freed before the statistics line runs (synchronously when no TX queue thread is configured, or via a concurrent TX thread otherwise).\n\nThe subsequent net_pkt_iface(pkt) reads pkt-iface from the freed slab block, and with CONFIG_NET_STATISTICS_PER_INTERFACE enabled that loaded pointer is dereferenced to increment iface-stats.icmp.sent, a use-after-free (CWE-416). If the slab block was reallocated in the meantime the read/increment targets unrelated or attacker-influenced memory, yielding corrupted statistics, a fault/crash (denial of service), or potential limited memory corruption.\n\nThe vulnerable Neighbor Advertisement path is reachable by any unauthenticated on-link node simply by sending ICMPv6 Neighbor Solicitations to a Zephyr node with native IPv6 enabled (handle_ns_input - net_ipv6_send_na).\n\nAffected from v3.3.0 through v4.4.0; the fix uses the already-available iface argument instead of touching the sent packet. Configurations without per-interface statistics dereference only a global counter and are not affected by the memory-safety aspect."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","versions":[{"version":"3.3.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T15:28:30.797017Z","id":"CVE-2026-10640","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"4.5.0","matchCriteriaId":"7032D8BD-EADE-46BD-861F-2397CC9081BB"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/aaed8332a62b0490a2f3c2cbabe272f575068eaa","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r74c-mr4m-7g9g","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-22451","sourceIdentifier":"security_alert@emc.com","published":"2026-06-16T17:16:27.697","lastModified":"2026-06-23T21:01:48.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Peripheral Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.7.3 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T00:00:00+00:00","id":"CVE-2024-22451","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:peripheral_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.1","versionEndExcluding":"1.7.3","matchCriteriaId":"61443179-19F5-423C-85CE-DA183F2AAA23"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000221413/dsa-2024-055-security-update-for-dell-peripheral-manager-uncontrolled-search-path-element-vulnerabilities?lang=en","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12003","sourceIdentifier":"cna@python.org","published":"2026-06-16T17:16:31.667","lastModified":"2026-06-23T18:17:41.487","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"To allow builds of Python to be run from an in-tree layout (rather than\nan installed file layout), the VPATH variable is defined at build time\nand used to locate certain landmarks - specifically,\nModules/setup.local. When this landmark is found relative to VPATH\nrelative to the executable, Python assumes it is running in a source\ntree and generates a different default sys.path. This code remains in\nrelease builds, so that release-ready builds can be built in-tree.\n\nOn Windows, since builds are written to 'PCbuild/', the value of\nVPATH is set to '..\\..', which results in a landmark of\n'..\\..\\Modules\\setup.local'. This path is outside the install directory\nof Python, and may have different permissions, potentially allowing a\nlow-privilege user to create the landmark and an alternative `Lib`\nfolder that will be discovered by an otherwise restricted install.\n\nSuch a setup occurs with the legacy default install location for all\nusers (in the now superseded EXE installer), due to how Windows allows\nall users to create folders in the root directory of their OS drive.\n\nOur recommended mitigation on Windows is to migrate away from the\nlegacy installer and use the new [Python install\nmanager](https://www.python.org/downloads/latest/pymanager/) to install\nfor the current user. Installs where the directory two levels above the\nPython installation directory have equivalent permissions are unaffected\n(in general, a per-user install cannot be modified at all by other\nusers, removing any escalation of privilege risk, and could be directly\nmodified by a privileged user, making the potential tampering\nirrelevant). Alternative mitigations might include preemptively creating\nand restricting access to a `Modules` directory. Be aware that only 3.13\nand 3.14 will receive updated legacy installers - earlier fixes are only\nprovided as sources.\n\nPlatforms other than Windows allow VPATH to be overridden, but as they\ndon't usually use a separated directory in the build for binaries, are\nunlikely to have a landmark reference outside of the install directory.\n\nThe landmark detection involving VPATH is a fallback for when a more\nspecific landmark - .\\pybuilddir.txt - is absent, and was included for\ncompatibility. Future releases of Python will no longer include the\nfallback, and so builds will need to generate or preserve the\npybuilddir.txt file in order to work in-tree. This landmark file has\nbeen generated on Windows since 3.11, and on other platforms for longer."}],"affected":[{"source":"cna@python.org","affectedData":[{"vendor":"Python Software Foundation","product":"CPython","defaultStatus":"unaffected","repo":"https://github.com/python/cpython","versions":[{"version":"0","lessThan":"3.15.0b3","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T17:53:54.916961Z","id":"CVE-2026-12003","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@python.org","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://github.com/python/cpython/commit/16c40f944b7bff724a403cf4902763d095bb4b2a","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/9e863fab283eddca9c2a8f9d1ee30f4dc243e314","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/a86de0bc236fbb9452f98998fc8437e9fca35700","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/b93d6d3399adbd3a5037b6b92fc3587c85ac5d56","source":"cna@python.org"},{"url":"https://github.com/python/cpython/issues/151544","source":"cna@python.org"},{"url":"https://github.com/python/cpython/pull/151545","source":"cna@python.org"},{"url":"https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/","source":"cna@python.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/16/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-47748","sourceIdentifier":"security-advisories@github.com","published":"2026-06-16T19:16:55.720","lastModified":"2026-06-25T13:55:10.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt parser in src/model.cpp did not consistently check that enough input remained before reading opcode arguments or advancing the parser buffer with a crafted or truncated .ckpt file. Throughout the pickle parser, opcode handlers advanced the parser position with expressions such as buffer += N without first checking that buffer + N <= buffer_end. A truncated file could therefore cause reads past the end of the metadata buffer. LibFuzzer found crashes in under one second using malformed checkpoint inputs. Any application using affected stable-diffusion.cpp releases to load untrusted .ckpt model files could be vulnerable. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. This issue has been fixed in version master-584-0a7ae07. If developers are unable to immediately update their applications, they can work around this issue by ensuring they do not load .ckpt checkpoint files from untrusted sources. They should prefer trusted model sources and safer formats such as .safetensors where possible."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"leejet","product":"stable-diffusion.cpp","versions":[{"version":"< master-584-0a7ae07","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:41:44.220881Z","id":"CVE-2026-47748","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:leejet:stable-diffusion.cpp:*:*:*:*:*:c\\+\\+:*:*","versionEndExcluding":"master-584-0a7ae07","matchCriteriaId":"EF9A4C1B-8396-48E6-8E46-3A3767DA17FC"}]}]}],"references":[{"url":"https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-rx4w-x86j-vx57","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-rx4w-x86j-vx57","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47749","sourceIdentifier":"security-advisories@github.com","published":"2026-06-16T19:16:55.867","lastModified":"2026-06-25T13:55:14.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the SHORT_BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. Any application using affected stable-diffusion.cpp releases to load untrusted .ckpt model files could be vulnerable. A malicious checkpoint file could cause heap corruption through memcpy with an attacker-controlled length. This may lead to process crash and could potentially be leveraged for code execution depending on heap layout. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by not loading .ckpt checkpoint files from untrusted sources, and referring to trusted model sources and safer formats such as .safetensors where possible."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"leejet","product":"stable-diffusion.cpp","versions":[{"version":"< master-584-0a7ae07","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:31:17.346999Z","id":"CVE-2026-47749","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:leejet:stable-diffusion.cpp:*:*:*:*:*:c\\+\\+:*:*","versionEndExcluding":"master-584-0a7ae07","matchCriteriaId":"EF9A4C1B-8396-48E6-8E46-3A3767DA17FC"}]}]}],"references":[{"url":"https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/pull/1443","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-2c29-5hxg-fv9g","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-2c29-5hxg-fv9g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47927","sourceIdentifier":"psirt@adobe.com","published":"2026-06-16T19:16:56.007","lastModified":"2026-06-26T15:29:02.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"DNG SDK","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.7.1 2536","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:53:17.533377Z","id":"CVE-2026-47927","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.1.2611","matchCriteriaId":"EB12F01C-B3CE-4C78-8974-8E1F27294CBA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/dng-sdk/apsb26-67.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47934","sourceIdentifier":"psirt@adobe.com","published":"2026-06-16T19:16:56.130","lastModified":"2026-06-26T15:28:38.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"DNG SDK","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.7.1 2536","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T19:30:40.803709Z","id":"CVE-2026-47934","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.1.2611","matchCriteriaId":"EB12F01C-B3CE-4C78-8974-8E1F27294CBA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/dng-sdk/apsb26-67.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47963","sourceIdentifier":"psirt@adobe.com","published":"2026-06-16T19:16:56.250","lastModified":"2026-06-26T15:28:15.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"DNG SDK","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.7.1 2536","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:38:38.918953Z","id":"CVE-2026-47963","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.1.2611","matchCriteriaId":"EB12F01C-B3CE-4C78-8974-8E1F27294CBA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/dng-sdk/apsb26-67.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47964","sourceIdentifier":"psirt@adobe.com","published":"2026-06-16T19:16:56.367","lastModified":"2026-06-26T15:27:45.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"DNG SDK","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.7.1 2536","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T03:56:04.333618Z","id":"CVE-2026-47964","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.1.2611","matchCriteriaId":"EB12F01C-B3CE-4C78-8974-8E1F27294CBA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/dng-sdk/apsb26-67.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48775","sourceIdentifier":"security-advisories@github.com","published":"2026-06-16T19:16:58.880","lastModified":"2026-06-24T18:53:55.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in turn result in code execution at checkpoint load time. This is a defense-in-depth issue. The affected behavior is reachable only when checkpoint bytes at rest in the backing store can be modified by an unauthorized party. In most deployments that prerequisite already implies a serious incident; the additional concern is turning \"checkpoint-store write access\" into code execution in the application runtime. This issue has been fixed in version 4.1.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langchain-ai","product":"langgraph","versions":[{"version":"< 1.2.2","status":"affected"}]},{"vendor":"langchain-ai","product":"langraph-checkpoint","versions":[{"version":"< 4.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:41:07.187804Z","id":"CVE-2026-48775","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"},{"lang":"en","value":"CWE-913"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langchain:langgraph-checkpoint:*:*:*:*:*:python:*:*","versionEndExcluding":"4.1.1","matchCriteriaId":"2D1D5AE6-0A20-4B4C-BF68-45B41F983D5F"}]}]}],"references":[{"url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-fjqc-hq36-qh5p","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4367","sourceIdentifier":"secalert@redhat.com","published":"2026-06-16T19:16:59.233","lastModified":"2026-06-26T22:16:32.370","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"libxpm-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.5.17-7.2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libXpm","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libXpm","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libXpm","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libXpm","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libXpm","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T18:45:23.608458Z","id":"CVE-2026-4367","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:30354","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-4367","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448984","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/5448e1bd","source":"secalert@redhat.com"},{"url":"https://seclists.org/oss-sec/2026/q2/192","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/21/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-0126","sourceIdentifier":"dsap-vuln-management@google.com","published":"2026-06-16T20:16:23.547","lastModified":"2026-06-24T17:16:56.007","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"dsap-vuln-management@google.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","versions":[{"version":"Android kernel","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T03:56:24.129433Z","id":"CVE-2026-0126","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01","source":"dsap-vuln-management@google.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12425","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-06-16T20:16:28.443","lastModified":"2026-06-26T15:51:13.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it be eval()'d in the page and execute in the context of the user."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"PowerSchool","product":"Employee Access Center","defaultStatus":"unaffected","collectionURL":"https://www.powerschool.com/","versions":[{"version":"23.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:04:50.510597Z","id":"CVE-2026-12425","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:powerschool:employee_access_center:23.10:*:*:*:*:*:*:*","matchCriteriaId":"0C371F53-930C-4DE0-90B5-8F4ED5F49F7B"}]}]}],"references":[{"url":"https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2026/PANW-2026-0002/PANW-2026-0002.md","source":"psirt@paloaltonetworks.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-46448","sourceIdentifier":"cve@mitre.org","published":"2026-06-16T20:16:41.697","lastModified":"2026-06-26T15:50:35.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Nova","defaultStatus":"unaffected","versions":[{"version":"18.0.0","lessThan":"31.3.1","versionType":"semver","status":"affected"},{"version":"32.0.0","lessThan":"32.2.1","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThan":"33.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T12:17:00.108810Z","id":"CVE-2026-46448","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-669"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","versionStartIncluding":"18.0.0","versionEndExcluding":"31.3.1","matchCriteriaId":"A0CF8704-C1F4-40B9-9402-C4848DE46EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","versionStartIncluding":"32.0.0","versionEndExcluding":"32.2.1","matchCriteriaId":"D48D37C0-272C-477F-92B0-3DBA498C0236"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","versionStartIncluding":"33.0.0","versionEndExcluding":"33.0.2","matchCriteriaId":"3EF5BA17-4553-4967-B3B5-25FFC24CF90E"}]}]}],"references":[{"url":"https://bugs.launchpad.net/nova/+bug/2151252","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2026/06/16/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/16/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.launchpad.net/nova/+bug/2151252","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47747","sourceIdentifier":"security-advisories@github.com","published":"2026-06-16T20:16:44.163","lastModified":"2026-06-25T13:55:07.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption.\nThe issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"leejet","product":"stable-diffusion.cpp","versions":[{"version":"< master-584-0a7ae07","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:11:20.505716Z","id":"CVE-2026-47747","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:leejet:stable-diffusion.cpp:*:*:*:*:*:c\\+\\+:*:*","versionEndExcluding":"master-584-0a7ae07","matchCriteriaId":"EF9A4C1B-8396-48E6-8E46-3A3767DA17FC"}]}]}],"references":[{"url":"https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/pull/1443","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-mghm-5mqc-pwmp","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-mghm-5mqc-pwmp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47750","sourceIdentifier":"security-advisories@github.com","published":"2026-06-16T20:16:44.413","lastModified":"2026-06-25T13:55:19.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07,  the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"leejet","product":"stable-diffusion.cpp","versions":[{"version":"< master-584-0a7ae07","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:55:19.988917Z","id":"CVE-2026-47750","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:leejet:stable-diffusion.cpp:*:*:*:*:*:c\\+\\+:*:*","versionEndExcluding":"master-584-0a7ae07","matchCriteriaId":"EF9A4C1B-8396-48E6-8E46-3A3767DA17FC"}]}]}],"references":[{"url":"https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/pull/1443","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-v37x-jwp7-mcvc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35271","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:19.343","lastModified":"2026-06-24T20:02:40.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Weblogic).  Supported versions that are affected are 8.61 and  8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.  While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-35271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35272","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:19.453","lastModified":"2026-06-24T20:02:07.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package).  Supported versions that are affected are 8.61 and  8.62. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-35272","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35274","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:19.663","lastModified":"2026-06-24T20:01:37.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package).  Supported versions that are affected are 8.61 and  8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data as well as  unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:14:50.377121Z","id":"CVE-2026-35274","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35276","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:19.873","lastModified":"2026-06-24T20:01:05.013","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Application Server).  Supported versions that are affected are 8.61 and  8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-35276","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35278","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.083","lastModified":"2026-06-24T20:00:29.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Performance Monitor).  Supported versions that are affected are 8.61 and  8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-35278","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35279","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.187","lastModified":"2026-06-24T19:59:32.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Performance Monitor).  Supported versions that are affected are 8.61 and  8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-35279","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35280","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.293","lastModified":"2026-06-23T13:55:31.493","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture.  While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Enterprise Capture","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:49:15.693608Z","id":"CVE-2026-35280","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AAB9F9BE-3C88-442C-8C44-61074AFD9A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"97ECC2BF-A3F1-4011-9697-5B85CA8BBDB4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35281","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.397","lastModified":"2026-06-23T13:55:11.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture.  While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Enterprise Capture","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:45:57.333702Z","id":"CVE-2026-35281","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AAB9F9BE-3C88-442C-8C44-61074AFD9A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"97ECC2BF-A3F1-4011-9697-5B85CA8BBDB4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35282","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.500","lastModified":"2026-06-23T13:54:50.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture.  While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Enterprise Capture","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:42:39.400122Z","id":"CVE-2026-35282","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AAB9F9BE-3C88-442C-8C44-61074AFD9A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"97ECC2BF-A3F1-4011-9697-5B85CA8BBDB4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35283","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.603","lastModified":"2026-06-23T13:54:29.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture.  While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Enterprise Capture","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:41:48.356917Z","id":"CVE-2026-35283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AAB9F9BE-3C88-442C-8C44-61074AFD9A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"97ECC2BF-A3F1-4011-9697-5B85CA8BBDB4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35284","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.703","lastModified":"2026-06-23T13:54:12.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture.  While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Enterprise Capture","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:38:59.277295Z","id":"CVE-2026-35284","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AAB9F9BE-3C88-442C-8C44-61074AFD9A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"97ECC2BF-A3F1-4011-9697-5B85CA8BBDB4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35285","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:20.807","lastModified":"2026-06-23T13:53:51.200","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Oracle WebCenter Enterprise Capture.  While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Enterprise Capture","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T13:36:57.423158Z","id":"CVE-2026-35285","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AAB9F9BE-3C88-442C-8C44-61074AFD9A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"97ECC2BF-A3F1-4011-9697-5B85CA8BBDB4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35288","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:21.013","lastModified":"2026-06-24T19:58:25.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package).  Supported versions that are affected are 8.61 and  8.62. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools.  While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-35288","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35289","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:40:21.117","lastModified":"2026-06-24T19:58:00.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package).  Supported versions that are affected are 8.61 and  8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PT PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise PT PeopleTools","versions":[{"version":"8.61","versionType":"semver","status":"affected"},{"version":"8.62","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-35289","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.61:*:*:*:*:*:*:*","matchCriteriaId":"A7E5859A-0E69-4A6B-A974-31B9C59B881B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.62:*:*:*:*:*:*:*","matchCriteriaId":"EB731E35-FB1C-46AD-9AFD-E52B4FF37A31"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46778","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:55.363","lastModified":"2026-06-26T03:40:35.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise Oracle WebCenter Enterprise Capture.  While the vulnerability is in Oracle WebCenter Enterprise Capture, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Enterprise Capture. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Enterprise Capture","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:03:56.101005Z","id":"CVE-2026-46778","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AAB9F9BE-3C88-442C-8C44-61074AFD9A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_enterprise_capture:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"97ECC2BF-A3F1-4011-9697-5B85CA8BBDB4"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46808","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:53:58.467","lastModified":"2026-06-23T05:17:03.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server).   The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as  unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Content","versions":[{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46808","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B05C4A06-4CB2-4755-8B15-5B00BD24610F"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46838","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:01.293","lastModified":"2026-06-23T05:17:03.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal.  While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Portal","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46838","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5456AE6E-4139-4207-9EBD-50EAEC93F83C"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46844","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:01.917","lastModified":"2026-06-23T05:17:04.067","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal.  While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Portal","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46844","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5456AE6E-4139-4207-9EBD-50EAEC93F83C"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46845","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:02.020","lastModified":"2026-06-23T05:17:04.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Portal.  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Portal","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46845","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5456AE6E-4139-4207-9EBD-50EAEC93F83C"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46846","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:02.140","lastModified":"2026-06-23T05:17:04.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal.  While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Portal","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46846","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5456AE6E-4139-4207-9EBD-50EAEC93F83C"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46847","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:02.280","lastModified":"2026-06-23T05:17:04.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Runtime Tools).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCenter Portal.  While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle WebCenter Portal","versions":[{"version":"12.2.1.4.0","versionType":"semver","status":"affected"},{"version":"14.1.2.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46847","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5456AE6E-4139-4207-9EBD-50EAEC93F83C"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46848","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:02.383","lastModified":"2026-06-23T05:17:04.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console).  Supported versions that are affected are 14.1.2.0.0 and  15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where WebLogic Server executes to compromise WebLogic Server.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all WebLogic Server accessible data as well as  unauthorized access to critical data or complete access to all WebLogic Server accessible data. CVSS 3.1 Base Score 7.9 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"WebLogic Server","versions":[{"version":"14.1.2.0.0","versionType":"semver","status":"affected"},{"version":"15.1.1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46848","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0FCA3D99-4596-4CF0-B5E1-7A6497F83B83"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:15.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F538D9B4-B101-4182-8C69-F30B183DD3A2"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46849","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:02.490","lastModified":"2026-06-23T05:17:04.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise CS Student Financials product of Oracle PeopleSoft (component: Other).   The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Financials.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Student Financials accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Student Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise CS Student Financials","versions":[{"version":"9.2.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46849","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_cs_student_financials:9.2.38:*:*:*:*:*:*:*","matchCriteriaId":"0F5E60B8-0A53-4093-9A24-FAE7CACE607C"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46850","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:02.590","lastModified":"2026-06-22T15:09:57.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code).   The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MySQL Shell.  While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of MySQL Shell. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"MySQL Shell","versions":[{"version":"2026.2.0+9.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-46850","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_shell:2026.2.0:*:*:*:*:visual_studio_code:*:*","matchCriteriaId":"9CC34AEF-DFF6-4089-985C-882E561A357D"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46851","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:02.700","lastModified":"2026-06-23T05:17:04.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Security).   The supported version that is affected is 9.2.38. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise CS Campus Community. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise CS Campus Community","versions":[{"version":"9.2.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-46851","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:9.2.38:*:*:*:*:*:*:*","matchCriteriaId":"F677DAFD-730F-4302-9898-88CF3CB329FB"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46869","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:04.593","lastModified":"2026-06-22T15:27:31.453","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Dump and Load).  Supported versions that are affected are 8.4.0-8.4.9 and  9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"MySQL Shell","versions":[{"version":"8.4.0","lessThanOrEqual":"8.4.9","versionType":"custom","status":"affected"},{"version":"9.0.0","lessThanOrEqual":"9.7.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:00:48.424072Z","id":"CVE-2026-46869","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_shell:*:*:*:*:*:-:*:*","versionStartIncluding":"8.4.0","versionEndIncluding":"8.4.9","matchCriteriaId":"00FEB85C-58E4-4FB5-BF4C-0AC3C2AA3504"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_shell:*:*:*:*:*:-:*:*","versionStartIncluding":"9.0.0","versionEndIncluding":"9.7.0","matchCriteriaId":"AA67DE59-476B-4EA3-A647-1CC6BE793903"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46870","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:04.697","lastModified":"2026-06-22T15:09:46.333","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code).   The supported version that is affected is 2026.2.0+9.6.1. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell.  While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of MySQL Shell. CVSS 3.1 Base Score 8.5 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"MySQL Shell","versions":[{"version":"2026.2.0+9.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-46870","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_shell:2026.2.0:*:*:*:*:visual_studio_code:*:*","matchCriteriaId":"9CC34AEF-DFF6-4089-985C-882E561A357D"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46871","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:04.800","lastModified":"2026-06-22T15:09:51.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code).   The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"MySQL Shell","versions":[{"version":"2026.2.0+9.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:09:53.177436Z","id":"CVE-2026-46871","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_shell:2026.2.0:*:*:*:*:visual_studio_code:*:*","matchCriteriaId":"9CC34AEF-DFF6-4089-985C-882E561A357D"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46885","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:06.183","lastModified":"2026-06-26T03:41:18.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: EAI).  Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Integration.  Successful attacks of this vulnerability can result in takeover of Siebel CRM Integration. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Siebel CRM Integration","versions":[{"version":"17.0","lessThanOrEqual":"26.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-46885","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndIncluding":"26.5","matchCriteriaId":"A7D7F180-9AFD-4344-8F60-64A29733BB59"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46888","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:06.497","lastModified":"2026-06-26T03:41:53.033","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade).  Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Deployment executes to compromise Siebel CRM Deployment.  Successful attacks of this vulnerability can result in takeover of Siebel CRM Deployment. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Siebel CRM Deployment","versions":[{"version":"17.0","lessThanOrEqual":"26.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T03:57:03.580017Z","id":"CVE-2026-46888","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0","versionEndIncluding":"26.5","matchCriteriaId":"A7D7F180-9AFD-4344-8F60-64A29733BB59"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46891","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:06.807","lastModified":"2026-06-26T03:43:16.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Accounts Payable.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Accounts Payable accessible data as well as  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Accounts Payable accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"JD Edwards EnterpriseOne Accounts Payable","versions":[{"version":"9.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-46891","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_accounts_payable:9.2:*:*:*:*:*:*:*","matchCriteriaId":"7684CBEF-5712-4409-B231-9F7714E3EFB3"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46892","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:06.910","lastModified":"2026-06-26T03:44:25.337","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Human Resources Management.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Human Resources Management accessible data as well as  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Human Resources Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"JD Edwards EnterpriseOne Human Resources Management","versions":[{"version":"9.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-46892","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_human_resources_management:9.2:*:*:*:*:*:*:*","matchCriteriaId":"CEE5F6AB-0462-4B5C-8794-1BDED7B869E8"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46893","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:07.013","lastModified":"2026-06-26T03:44:44.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the JD Edwards EnterpriseOne General Ledger product of Oracle JD Edwards (component: E1 Foundation).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise JD Edwards EnterpriseOne General Ledger.  While the vulnerability is in JD Edwards EnterpriseOne General Ledger, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne General Ledger. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"JD Edwards EnterpriseOne General Ledger","versions":[{"version":"9.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-46893","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_general_ledger:9.2:*:*:*:*:*:*:*","matchCriteriaId":"D322B7C6-D718-4A61-85B8-4E94D2DF6917"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46978","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:16.803","lastModified":"2026-06-26T03:45:23.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon).   The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris.  While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as  unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"Oracle Solaris","versions":[{"version":"11.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T03:57:45.263069Z","id":"CVE-2026-46978","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:11.4:*:*:*:*:*:*:*","matchCriteriaId":"BC3F1DDC-DF8F-4F64-8454-C4A7C60C8462"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46979","sourceIdentifier":"secalert_us@oracle.com","published":"2026-06-17T10:54:16.910","lastModified":"2026-06-26T03:45:49.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces).   The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)."}],"affected":[{"source":"secalert_us@oracle.com","affectedData":[{"vendor":"Oracle Corporation","product":"PeopleSoft Enterprise CS Campus Community","versions":[{"version":"9.2.38","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T03:57:43.959494Z","id":"CVE-2026-46979","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_cs_campus_community:9.2.38:*:*:*:*:*:*:*","matchCriteriaId":"F677DAFD-730F-4302-9898-88CF3CB329FB"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48776","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T10:55:15.113","lastModified":"2026-06-26T15:26:53.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to address a different resource (and potentially a different resource type) than the SDK method's call site indicates. In deployments where the SDK receives identifier values that originate from untrusted sources, this could result in unintended access, modification, or deletion of resources beyond the calling user's authorization scope. This issue is most consequential in deployments that forward end-user-supplied values directly into SDK identifier parameters without first validating them against an expected format (such as a UUID), and rely on URL-prefix-based authorization at an upstream layer (reverse proxy, edge gateway, WAF), where the authorization decision is made on the SDK call's intended path rather than on the final delivered request path. The issue has been fixed in version 0.3.15."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langchain-ai","product":"langchain-ai","versions":[{"version":"< 1.2.1","status":"affected"}]},{"vendor":"langchain-ai","product":"langchain-sdk","versions":[{"version":"< 0.3.15","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:02:12.377940Z","id":"CVE-2026-48776","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langchain:langgraph-sdk:*:*:*:*:*:python:*:*","versionEndExcluding":"0.3.15","matchCriteriaId":"FF96A006-91D6-4FB7-ACAA-F6E8A3D7AAA0"}]}]}],"references":[{"url":"https://github.com/langchain-ai/langgraph/releases/tag/sdk%3D%3D0.3.15","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-w39p-vh2g-g8g5","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-59872","sourceIdentifier":"psirt@hcl.com","published":"2026-06-17T13:19:15.180","lastModified":"2026-06-26T15:13:47.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code"}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"ZIE","defaultStatus":"unaffected","versions":[{"version":"16.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:03:29.705142Z","id":"CVE-2025-59872","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:zie_for_web:16.0:*:*:*:*:*:*:*","matchCriteriaId":"668EDDAE-8F76-43A7-B8DF-391E751A6BEE"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131549","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-62340","sourceIdentifier":"psirt@hcl.com","published":"2026-06-17T13:19:15.840","lastModified":"2026-06-26T15:00:54.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity"}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"iControl","defaultStatus":"unaffected","versions":[{"version":"v4.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:03:49.449083Z","id":"CVE-2025-62340","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:icontrol:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"01440CF2-2739-41E2-8E14-03453ECDED9D"}]}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131511","source":"psirt@hcl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10641","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-17T14:17:37.070","lastModified":"2026-06-26T14:58:10.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cind_handle(), which assigns a per-entry counter index and calls cind_handle_values() for each list element. cind_handle_values() then wrote hf-ind_table[index] = i without verifying that index is within the 20-element int8_t ind_table[] array of struct bt_hfp_hf. Because the parser places no cap on the number of +CIND: list entries, a remote Attendant Gateway (a malicious, compromised, or spoofed peer the device connects to over Bluetooth) can send a response with more than 20 recognized indicator entries and drive index arbitrarily large, writing a small attacker-positioned value past the array into adjacent struct fields (feature masks, SDP/version state, the calls[] array, work/atomic bookkeeping) and potentially beyond the static connection pool slot. This yields memory corruption and at least denial of service of the Bluetooth host, triggered by a single malformed AT response with no user interaction. The sibling consumer ag_indicator_handle_values() already performed the equivalent bounds check; this commit adds the same index = ARRAY_SIZE(hf-ind_table) guard to close the gap. Affects builds with CONFIG_BT_HFP_HF enabled; introduced with the original HFP HF CIND parser (~v1.7) and present through v4.4.0."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","versions":[{"version":"1.7.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T14:59:49.875821Z","id":"CVE-2026-10641","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.3","matchCriteriaId":"F84F7796-3778-4B10-B6DF-A6B3A937F5A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.3.1","matchCriteriaId":"681D956E-1EA8-40D2-9954-0E6B710FB436"},{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.2","matchCriteriaId":"1A0A2134-3579-444D-91CA-CCEE3F15995A"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/cf7693a8261ae363c9cf46cfd51005486637173e","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wx5j-q6f2-59p3","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wx5j-q6f2-59p3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-47477","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:34.873","lastModified":"2026-06-22T18:28:29.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:16:05.675164Z","id":"CVE-2024-47477","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.1.1","matchCriteriaId":"C5003BBB-F3D3-49CB-86D2-DD780A4A3967"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10850","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-17T15:16:42.440","lastModified":"2026-06-23T14:47:07.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Plane","product":"Plane","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"versions":[{"version":"1.3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:39:36.404624Z","id":"CVE-2026-10850","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plane:plane:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"2F79023F-DFA3-4957-8FA2-59215D237727"}]}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/earth","source":"help@fluidattacks.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/makeplane/plane","source":"help@fluidattacks.com","tags":["Product"]},{"url":"https://fluidattacks.com/es/advisories/earth","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-22283","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:44.513","lastModified":"2026-06-25T14:16:36.613","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:38:07.125741Z","id":"CVE-2026-22283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.8.0","matchCriteriaId":"3DE9AE6E-0124-4A48-B2B8-DAAF16614BC2"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-32804","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:45.663","lastModified":"2026-06-25T14:16:37.300","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T14:33:03.905467Z","id":"CVE-2026-32804","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35065","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:45.807","lastModified":"2026-06-25T14:16:37.727","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T16:09:44.226124Z","id":"CVE-2026-35065","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35066","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:46.020","lastModified":"2026-06-25T14:16:37.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T14:33:47.863006Z","id":"CVE-2026-35066","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35067","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:46.400","lastModified":"2026-06-25T14:16:37.937","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:00:47.710109Z","id":"CVE-2026-35067","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35162","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:46.590","lastModified":"2026-06-25T14:16:38.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:41:39.843733Z","id":"CVE-2026-35162","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40641","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:49.640","lastModified":"2026-06-25T13:16:39.813","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:37:41.936410Z","id":"CVE-2026-40641","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48142","sourceIdentifier":"f5sirt@f5.com","published":"2026-06-17T15:16:59.040","lastModified":"2026-06-22T16:50:00.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX Open Source","defaultStatus":"unknown","modules":["ngx_http_charset_module"],"versions":[{"version":"1.13.10","lessThan":"1.31.2","versionType":"custom","status":"affected"},{"version":"1.30.0","lessThan":"1.30.3","versionType":"custom","status":"affected"}]},{"vendor":"F5","product":"NGINX Plus","defaultStatus":"unaffected","modules":["ngx_http_charset_module"],"versions":[{"version":"37.0","lessThan":"37.0.2.1","versionType":"custom","status":"affected"},{"version":"R36","lessThan":"R36 P6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:42:46.410409Z","id":"CVE-2026-48142","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:dos:*:*:*:*:*:nginx:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"4.7.0","matchCriteriaId":"0772572C-26F9-4FA4-B9E6-BA40ED59F569"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:dos:4.9.0:*:*:*:*:nginx:*:*","matchCriteriaId":"DACAC9CB-16D3-4F55-A466-70035779B387"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndIncluding":"1.6.2","matchCriteriaId":"15B7F1FD-0C49-460F-9CB8-23DA730EC4BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.6.3","matchCriteriaId":"67499218-62EE-4217-897D-AF3E92D92E39"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndIncluding":"3.7.2","matchCriteriaId":"10D5B143-4C1E-4626-8B49-3EA7160E9256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.1","matchCriteriaId":"73A1CDBB-49F6-4AB6-AA67-542FD8017D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.5.0","matchCriteriaId":"9A7B5595-C9CF-4D75-8522-BB0161D978D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"2.17.0","versionEndIncluding":"2.22.0","matchCriteriaId":"BCFCE3FC-61E0-4749-8F09-EEB4B09B1218"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.30.2","matchCriteriaId":"AD753AAB-7ADA-4B0D-A33B-74E149277C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"1.31.0","versionEndIncluding":"1.31.1","matchCriteriaId":"4B3A862B-427A-440A-93AB-FFA1FB2E3909"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*","versionStartIncluding":"37.0.0","versionEndIncluding":"37.0.1","matchCriteriaId":"DB9460A8-35D0-45BD-A94F-F4833F6914AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*","versionStartIncluding":"r33","versionEndIncluding":"r36","matchCriteriaId":"6A4E310C-8582-4A6E-A703-DCD4055517A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"4.10.0","versionEndIncluding":"4.16.0","matchCriteriaId":"EB1118B4-3EA7-4A69-8259-86BB8837FC00"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"5.2.0","versionEndIncluding":"5.8.0","matchCriteriaId":"2DB79E6C-08B0-4341-BCBE-B8070DDAA7AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*","versionStartIncluding":"5.9.0","versionEndIncluding":"5.13.1","matchCriteriaId":"03FC0AE0-1D26-4002-92DD-1895A38F6382"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161585","source":"f5sirt@f5.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49502","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T15:16:59.850","lastModified":"2026-06-25T14:16:42.013","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T14:29:19.946890Z","id":"CVE-2026-49502","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-26240","sourceIdentifier":"cve@mitre.org","published":"2026-06-17T17:16:38.383","lastModified":"2026-06-22T20:42:41.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltration of local files."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:26:29.872654Z","id":"CVE-2025-26240","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://habuon.github.io/2025/03/12/pdfkit-vulnerability-%28CVE-2025-26240%29.html","source":"cve@mitre.org"},{"url":"https://www.csirt.gov.sk/the-python-pdfkit-library-vulnerability.html","source":"cve@mitre.org"},{"url":"https://habuon.github.io/2025/03/12/pdfkit-vulnerability-%28CVE-2025-26240%29.html","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12515","sourceIdentifier":"secalert@redhat.com","published":"2026-06-17T17:16:42.727","lastModified":"2026-06-26T23:17:07.997","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ctags","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rubygem-katello","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite:el8/rubygem-katello","cpes":["cpe:/a:redhat:satellite:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:25:59.268222Z","id":"CVE-2026-12515","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12515","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2489812","source":"secalert@redhat.com"},{"url":"https://github.com/Katello/katello/pull/11712","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-20181","sourceIdentifier":"psirt@cisco.com","published":"2026-06-17T17:16:42.990","lastModified":"2026-06-22T14:31:46.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"},{"version":"3.4 Patch 5","status":"affected"},{"version":"3.5 Patch 3","status":"affected"},{"version":"3.5 Patch 2","status":"affected"},{"version":"3.3 Patch 10","status":"affected"},{"version":"3.2 Patch 10","status":"affected"},{"version":"3.1.0 p11","status":"affected"}]},{"vendor":"Cisco","product":"Cisco ISE Passive Identity Connector","defaultStatus":"unknown","versions":[{"version":"3.2.0","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-20181","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"804C2F93-8ADC-454A-90DF-59F51FEF9E0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"43F3A55D-D4FC-4D93-9513-94B64B21A2B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"22B752D1-9E8F-4FB7-8EEB-F9234492372B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"85A1CC7D-FE54-4AC0-B98F-972C4B1F3189"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"D3727619-E0CA-4CA9-BE35-0C732BCF1741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2CFB7565-3930-409C-B5DB-CE77E6ED7C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2610FD35-BC4B-41B7-9C92-E6E5264FEE54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"3FEE4377-B238-4442-9892-28CECFB2319E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"6598563B-7E32-43FB-96A7-88C53E4CE226"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch3:*:*:*:*:*:*","matchCriteriaId":"719C8E82-269D-4F21-B2B4-4CD3033A17F9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"E7F4D769-1845-41F0-8F15-B5D8AC15DFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"3CA3315D-8A45-43F4-A0F0-094D325F285B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"B3736136-9FD8-4B12-B119-EA15201224D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"FB15AE6D-F4EF-40AD-A88E-D22612AEF2A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"654ED77E-22D3-4E76-9E6D-B1581F5982F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"A0648EE9-F042-479F-9AAB-C6B5DBC46511"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"83F3BA58-4F38-41C8-956F-38A2F44EECE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"6C30FA1D-91E2-48C5-B181-A88FDF668278"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"768215B1-80B7-40FF-8772-BA4C0B3913F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"40239DA8-43B6-466B-85B0-6D644D7027D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"9118B7ED-E678-47C3-9D17-F522D9362B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"C2ED3257-CB9D-4FD5-A482-3648CF292128"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"62F25185-D19E-4EC5-8A68-7AB669B76E90"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"C457D2EC-FB63-49B7-A90E-CE67ED763BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"6566330F-A048-44A1-9821-7A5844C82CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"1154F196-2CB3-4AC2-BE00-11A8942EA999"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2A7003EB-C578-4C02-B768-F8C4C8421382"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"16B32F60-CEB7-4816-AA7C-3130D1053DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"755761D7-8DDD-4219-8E37-FA535757710A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch3:*:*:*:*:*:*","matchCriteriaId":"656248A2-92B4-40B8-8D81-1135A4F35D20"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20190","sourceIdentifier":"psirt@cisco.com","published":"2026-06-17T17:16:43.130","lastModified":"2026-06-22T14:30:44.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.4.0","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.4 Patch 5","status":"affected"},{"version":"3.5 Patch 2","status":"affected"}]},{"vendor":"Cisco","product":"Cisco ISE Passive Identity Connector","defaultStatus":"unknown","versions":[{"version":"3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:14:11.061077Z","id":"CVE-2026-20190","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"D3727619-E0CA-4CA9-BE35-0C732BCF1741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2CFB7565-3930-409C-B5DB-CE77E6ED7C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2610FD35-BC4B-41B7-9C92-E6E5264FEE54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"3FEE4377-B238-4442-9892-28CECFB2319E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"6598563B-7E32-43FB-96A7-88C53E4CE226"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"62F25185-D19E-4EC5-8A68-7AB669B76E90"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"C457D2EC-FB63-49B7-A90E-CE67ED763BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"6566330F-A048-44A1-9821-7A5844C82CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"1154F196-2CB3-4AC2-BE00-11A8942EA999"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2A7003EB-C578-4C02-B768-F8C4C8421382"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"16B32F60-CEB7-4816-AA7C-3130D1053DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"755761D7-8DDD-4219-8E37-FA535757710A"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20220","sourceIdentifier":"psirt@cisco.com","published":"2026-06-17T17:16:43.253","lastModified":"2026-06-22T14:16:26.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an&nbsp;authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation in the configuration&nbsp;template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions.&nbsp;\r\nTo exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability.&nbsp;"}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Crosswork Network Change Automation","defaultStatus":"unknown","versions":[{"version":"3.0.0","status":"affected"},{"version":"3.0.1","status":"affected"},{"version":"1.0.0","status":"affected"},{"version":"2.0.0","status":"affected"},{"version":"2.0.1","status":"affected"},{"version":"3.0.2","status":"affected"},{"version":"2.0.2","status":"affected"},{"version":"3.0.3","status":"affected"},{"version":"4.0.0","status":"affected"},{"version":"4.1.0","status":"affected"},{"version":"4.5.0","status":"affected"},{"version":"4.1.1","status":"affected"},{"version":"5.0.0","status":"affected"},{"version":"4.5.1","status":"affected"},{"version":"4.1.2","status":"affected"},{"version":"5.0.1","status":"affected"},{"version":"4.5.2","status":"affected"},{"version":"5.0.2","status":"affected"},{"version":"4.1.3","status":"affected"},{"version":"6.0.0","status":"affected"},{"version":"7.0.0","status":"affected"},{"version":"4.1.4","status":"affected"},{"version":"6.0.2","status":"affected"},{"version":"5.0.3","status":"affected"},{"version":"6.0.3","status":"affected"},{"version":"5.0.4","status":"affected"},{"version":"7.0.1","status":"affected"},{"version":"6.0.4","status":"affected"},{"version":"7.0.2","status":"affected"},{"version":"7.1.0","status":"affected"},{"version":"5.0.5","status":"affected"},{"version":"7.0.3","status":"affected"},{"version":"7.0.4","status":"affected"},{"version":"7.1.1","status":"affected"},{"version":"7.0.5","status":"affected"},{"version":"7.2.0","status":"affected"},{"version":"7.1.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:13:43.754531Z","id":"CVE-2026-20220","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.3","matchCriteriaId":"368EEF28-B3DE-4145-A54F-05C763B66B64"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:crosswork_network_controller:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BABB1354-D413-4D8A-B3FA-72604F606C1D"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnc-inj-QNMeEmxk","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-32652","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T17:16:45.103","lastModified":"2026-06-23T13:44:14.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell AIOps Collector versions prior to 1.18.3 contain a \"Use of Default Credentials\" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"AIOps","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.18.3 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:24:23.267897Z","id":"CVE-2026-32652","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:aiops_collector:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18.3","matchCriteriaId":"8E5832A4-C917-4CD9-8BE2-642716C84B33"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-in/000477931/dsa-2026-231-security-update-for-dell-aiops-collector-for-default-credential-vulnerability","source":"security_alert@emc.com","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-35068","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T17:16:46.047","lastModified":"2026-06-25T14:16:38.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:58:16.624614Z","id":"CVE-2026-35068","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-35069","sourceIdentifier":"security_alert@emc.com","published":"2026-06-17T17:16:46.163","lastModified":"2026-06-25T14:16:38.143","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerFlex","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.1.0.1 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"4.5.5.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:50:48.533250Z","id":"CVE-2026-35069","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.5.2","matchCriteriaId":"8F1EE8D3-8814-4DFD-9F39-73B2E1CFED52"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6.0","versionEndExcluding":"5.1.0.1","matchCriteriaId":"56FAF94E-4638-489B-9580-7BDBE8A0767A"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-36418","sourceIdentifier":"cve@mitre.org","published":"2026-06-17T17:16:49.880","lastModified":"2026-06-22T20:42:41.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute arbitrary code."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:24:47.876323Z","id":"CVE-2026-36418","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/Catherines77/code-au/blob/main/jimureport/aviator.md","source":"cve@mitre.org"},{"url":"https://github.com/Catherines77/code-au/blob/main/jimureport/aviator.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53874","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T17:17:25.733","lastModified":"2026-06-23T03:16:41.477","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle is loaded from untrusted sources."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"1.0.1","versionType":"semver","status":"affected"},{"version":"1.0.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T01:59:41.046470Z","id":"CVE-2026-53874","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9m3x-qqw2-h32h","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-obfuscated-eval-call","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9m3x-qqw2-h32h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9675","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-06-17T17:17:28.183","lastModified":"2026-06-25T17:46:52.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Impact:\nThe undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nThis is a regression specific to undici 8.1.0. The 6.25.0 line shipped the equivalent cumulative check from the start and is unaffected. The 7.x line never had the maxPayloadSize feature and is also unaffected.\n\nPatches:\nUpgrade to undici >= 8.5.0.\n\nWorkarounds:\nNo workaround is available. The fix must be applied through an upgrade."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"undici","product":"undici","defaultStatus":"unaffected","packageURL":"pkg:npm/undici","versions":[{"version":"8.0.0","lessThan":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.5.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:29:24.751635Z","id":"CVE-2026-9675","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.0","matchCriteriaId":"37F3655C-C7AE-4B13-A5EB-6FE0A9566124"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11525","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-06-17T18:17:35.097","lastModified":"2026-06-25T17:46:21.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Impact:\nWhen undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict).\n\nAffected applications are those that consume Set-Cookie headers from server responses (for example via undici's fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer's view of a cookie's SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.\n\nThis was introduced in undici 5.15.0 when the cookies feature was added.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nAfter parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of 'Strict', 'Lax', or 'None' (exact, case-insensitive) before forwarding or relying on it."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"undici","product":"undici","defaultStatus":"unaffected","packageURL":"pkg:npm/undici","versions":[{"version":"0","lessThan":"6.26.0","versionType":"semver","status":"affected"},{"version":"6.26.0","versionType":"semver","status":"unaffected"},{"version":"7.0.0","lessThan":"7.28.0","versionType":"semver","status":"affected"},{"version":"7.28.0","versionType":"semver","status":"unaffected"},{"version":"8.0.0","lessThan":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.5.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:53:40.763762Z","id":"CVE-2026-11525","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-183"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.27.0","matchCriteriaId":"632BE4D6-A743-4F05-9B3F-FE6A7B3E58D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.28.0","matchCriteriaId":"0C34D757-BB16-4E28-95D8-7D3FAC851B69"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.0","matchCriteriaId":"37F3655C-C7AE-4B13-A5EB-6FE0A9566124"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20178","sourceIdentifier":"psirt@cisco.com","published":"2026-06-17T18:17:35.587","lastModified":"2026-06-22T14:17:11.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed.\r\n\r This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Webex App","versions":[{"version":"N/A","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:13:20.277003Z","id":"CVE-2026-20178","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_web_app:-:*:*:*:*:-:*:*","matchCriteriaId":"B387B804-3EE7-4A0B-8ED5-7FD5E51C2319"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39199","sourceIdentifier":"cve@mitre.org","published":"2026-06-17T18:17:44.117","lastModified":"2026-06-22T20:42:41.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"Snes9X team","product":"Snes9X","defaultStatus":"unknown","versions":[{"version":"1.63","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":2.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:10:08.019633Z","id":"CVE-2026-39199","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/snes9xgit/snes9x/commit/96b366100172723f6314c40e237b370f4f7b59f4","source":"cve@mitre.org"},{"url":"https://github.com/snes9xgit/snes9x/issues/1035","source":"cve@mitre.org"},{"url":"https://karansaini.com/snes9x-oob-write/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-48591","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-06-17T18:18:04.370","lastModified":"2026-06-22T18:45:41.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values.\n\n'Elixir.Earmark.Transform':_make_att1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal \" bytes: [\" \", name, \"=\\\"\", value, \"\\\"\"]. Text nodes are routed through the existing escape function which encodes \" as &quot;, but attribute values never visit that path. A markdown link whose URL or title contains a bare \" closes the attribute early and lets the trailing bytes be parsed by the browser as fresh HTML attributes. For example, [click](http://example.com/?a=x\" onerror=\"alert(1)) renders as <a href=\"http://example.com/?a=x\" onerror=\"alert(1)\">click</a>, executing arbitrary JavaScript in the victim's browser.\n\nThe earmark library is no longer maintained and has been retired on Hex. No patched version will be released. All releases from 1.4.1 onward are affected, and users should migrate to a maintained Markdown library such as MDEx.\n\nThis issue affects earmark from 1.4.1 onward."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"pragdave","product":"earmark","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"earmark","cpes":["cpe:2.3:a:pragdave:earmark:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Earmark.Transform'"],"programFiles":["lib/earmark/transform.ex"],"programRoutines":[{"name":"'Elixir.Earmark.Transform':_make_att1/2"}],"repo":"https://github.com/pragdave/earmark","packageURL":"pkg:hex/earmark","versions":[{"version":"1.4.1","lessThan":"*","versionType":"semver","status":"affected"}]},{"vendor":"pragdave","product":"earmark","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"pragdave/earmark","cpes":["cpe:2.3:a:pragdave:earmark:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Earmark.Transform'"],"programFiles":["lib/earmark/transform.ex"],"programRoutines":[{"name":"'Elixir.Earmark.Transform':_make_att1/2"}],"repo":"https://github.com/pragdave/earmark","packageURL":"pkg:github/pragdave/earmark","versions":[{"version":"8236a0570bd894b50e360da08131ec3294c20799","lessThan":"*","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:25:40.841347Z","id":"CVE-2026-48591","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-83"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-48591.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-48591","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"}]}},{"cve":{"id":"CVE-2026-53805","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T18:18:05.320","lastModified":"2026-06-22T20:23:26.770","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication or input validation. Attackers can supply a crafted payload containing a __reduce__ gadget to the inference API port to achieve remote code execution as the inference process."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nv-tlabs","product":"GEN3C","defaultStatus":"affected","repo":"https://github.com/nv-tlabs/GEN3C","versions":[{"version":"0","lessThan":"db2ffe12ced12ddafcec5e0422ee46ce8520746b","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:12:46.716303Z","id":"CVE-2026-53805","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/nv-tlabs/GEN3C/commit/db2ffe12ced12ddafcec5e0422ee46ce8520746b","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nv-tlabs/GEN3C/pull/62","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nv-tlabs/GEN3C/pull/63","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/nvidia-sil-gen3c-unauthenticated-rce-via-pickle-deserialization-in-inference-api","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-9678","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-06-17T18:18:06.050","lastModified":"2026-06-25T17:44:16.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Impact:\nUndici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=\" authorization\" or no-cache=\"\\tauthorization\". The parser preserves the surrounding whitespace, so later comparisons against the literal authorization field name fail and the response is stored.\n\nIn shared-cache mode, this allows a response containing one user's authenticated data to be served from cache to a subsequent caller, including an unauthenticated caller, when both requests resolve to the same cache key.\n\nAffected applications are those that explicitly enable the cache interceptor (interceptors.cache()) in shared mode, forward Authorization headers upstream, and receive cacheable responses with non-canonical qualified private or no-cache directives.\n\nPatches:\nUpgrade to undici v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, disable shared-cache mode for traffic that includes Authorization headers, avoid caching responses to authenticated requests, or add Vary: Authorization upstream."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"undici","product":"undici","defaultStatus":"unaffected","packageURL":"pkg:npm/undici","versions":[{"version":"7.0.0","lessThan":"7.28.0","versionType":"semver","status":"affected"},{"version":"7.28.0","versionType":"semver","status":"unaffected"},{"version":"8.0.0","lessThan":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.5.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:05:24.378630Z","id":"CVE-2026-9678","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.28.0","matchCriteriaId":"0C34D757-BB16-4E28-95D8-7D3FAC851B69"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.0","matchCriteriaId":"37F3655C-C7AE-4B13-A5EB-6FE0A9566124"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9679","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-06-17T18:18:06.307","lastModified":"2026-06-25T17:43:39.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Impact:\nundici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either.\n\nApplications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application's downstream response, enabling session fixation, open redirect, or cache poisoning.\n\nAffected applications are those that use undici's cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.\n\nThis was introduced in undici 7.0.0 via PR #3789.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"undici","product":"undici","defaultStatus":"unaffected","packageURL":"pkg:npm/undici","versions":[{"version":"0","lessThan":"6.26.0","versionType":"semver","status":"affected"},{"version":"6.26.0","versionType":"semver","status":"unaffected"},{"version":"7.0.0","lessThan":"7.28.0","versionType":"semver","status":"affected"},{"version":"7.28.0","versionType":"semver","status":"unaffected"},{"version":"8.0.0","lessThan":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.5.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:31:46.100353Z","id":"CVE-2026-9679","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.27.0","matchCriteriaId":"632BE4D6-A743-4F05-9B3F-FE6A7B3E58D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.28.0","matchCriteriaId":"0C34D757-BB16-4E28-95D8-7D3FAC851B69"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.0","matchCriteriaId":"37F3655C-C7AE-4B13-A5EB-6FE0A9566124"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-p88m-4jfj-68fv","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-55196","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T19:18:13.203","lastModified":"2026-06-23T03:16:41.597","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register endpoints are accessible without authentication, allowing attackers to claim the first passkey and gain permanent administrative control."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"hermes-webui","product":"hermes-webui","defaultStatus":"unaffected","repo":"https://github.com/nesquena/hermes-webui","packageURL":"pkg:npm/hermes-webui-devtools","versions":[{"version":"0","lessThan":"0.51.409","versionType":"semver","status":"affected"},{"version":"0.51.409","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:02:11.438761Z","id":"CVE-2026-55196","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/nesquena/hermes-webui/commit/4d90577e25d5537cb07290eca3fb8abff3bab316","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/4171","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/4267","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.51.442","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hermes-webui-unauthenticated-passkey-registration-via-authentication-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-10696","sourceIdentifier":"security@devolutions.net","published":"2026-06-17T20:16:47.670","lastModified":"2026-06-24T19:03:13.193","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use of an incorrectly resolved name or reference in the pinget backend \nin Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community \ncatalog contributor to cause an installed application to be correlated \nto an unrelated, attacker-controlled catalog package and to execute an \nattacker-controlled installer via a crafted catalog package whose \nnormalized name is contained as a substring within the installed \napplication name when a user applies the proposed update."}],"affected":[{"source":"security@devolutions.net","affectedData":[{"vendor":"Devolutions","product":"UniGetUI","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2026.2.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T19:38:53.962259Z","id":"CVE-2026-10696","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@devolutions.net","type":"Secondary","description":[{"lang":"en","value":"CWE-706"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devolutions:unigetui:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.2.1.0","matchCriteriaId":"05A08A2C-FB9C-4B76-AC88-4EBF09F72663"}]}]}],"references":[{"url":"https://devolutions.net/security/advisories/DEVO-2026-0019","source":"security@devolutions.net","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10741","sourceIdentifier":"103e4ec9-0a87-450b-af77-479448ddef11","published":"2026-06-17T20:16:48.187","lastModified":"2026-06-23T15:37:54.137","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials."}],"affected":[{"source":"103e4ec9-0a87-450b-af77-479448ddef11","affectedData":[{"vendor":"Sonatype","product":"Nexus Repository Manager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.3.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.5.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.15.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.15.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.15.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.16.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.16.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.16.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.17.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.18.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.18.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.19.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.19.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.20.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.20.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.21.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.21.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.21.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.22.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.22.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.23.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.24.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.25.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.25.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.26.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.26.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.27.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.28.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.28.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.29.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.29.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.30.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.30.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.31.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.31.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.32.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.32.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.33.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.33.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.34.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.34.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.35.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.36.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.37.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.38.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.38.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.39.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.40.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.40.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.41.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.41.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.42.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.43.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.44.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.45.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.45.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.46.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.47.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.47.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.48.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.49.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.50.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.51.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.52.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.53.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.53.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.54.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.54.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.55.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.56.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.57.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.57.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.58.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.58.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.59.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.60.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.61.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.62.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.63.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.64.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.65.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.66.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.67.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.67.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.68.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.68.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.69.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.4:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.70.5:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.71.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.72.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.73.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.74.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.75.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.75.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.76.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.76.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.77.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.78.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.78.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.79.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.80.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.81.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.82.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.83.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.83.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.83.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.84.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.84.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.84.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.85.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.85.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.86.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.86.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.86.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.87.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.87.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.87.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.88.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.89.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.89.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.90.3:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.91.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.91.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.92.0:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.92.1:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.92.2:*:*:*:*:*:*:*","cpe:2.3:a:sonatype:nexus_repository_manager:3.92.3:*:*:*:*:*:*:*"],"versions":[{"version":"3.1.0","lessThan":"3.93.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"103e4ec9-0a87-450b-af77-479448ddef11","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T19:37:05.347645Z","id":"CVE-2026-10741","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"103e4ec9-0a87-450b-af77-479448ddef11","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://help.sonatype.com/en/sonatype-nexus-repository-3-93-0-release-notes.html","source":"103e4ec9-0a87-450b-af77-479448ddef11"},{"url":"https://support.sonatype.com/hc/en-us/articles/52341191736851","source":"103e4ec9-0a87-450b-af77-479448ddef11"}]}},{"cve":{"id":"CVE-2026-11407","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T20:16:48.690","lastModified":"2026-06-23T15:16:00.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed() and checkPropertyAllowed() implementations in the custom Twig SecurityPolicy. Attackers can supply malicious Twig templates through the DataObject ClassDefinition Layout\\Text component to perform arbitrary file reads, execute arbitrary database queries, and potentially achieve remote code execution via PHP object gadget chains, with the pimcore_* function wildcard further broadening the bypass to all Pimcore Twig functions."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Pimcore GmbH","product":"Pimcore CMS/DXP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"12.3.8","versionType":"semver","status":"affected"},{"version":"fffa7f6396329e88610db70a8652529bbc734892","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:55:46.986860Z","id":"CVE-2026-11407","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://github.com/pimcore/pimcore/commit/fffa7f6396329e88610db70a8652529bbc734892","source":"disclosure@vulncheck.com"},{"url":"https://github.com/pimcore/pimcore/pull/19193","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/pimcore-cms-twig-sandbox-bypass-via-securitypolicy-checkmethodallowed","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48814","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T20:17:22.260","lastModified":"2026-06-23T15:50:59.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing the CORS flaw (with Access-Control-Allow-Origin now set only for localhost origins), but the empty-default-secret flaw described in the title remained: the SSE MCP server still defaulted to an empty secret, _isAuthorized() still returned true when the secret was empty, and a non-loopback bind only produced a warning. As a result, the server still ran fully unauthenticated by default. Any non-browser caller (for example, curl, SSRF, or a 0.0.0.0 bind) could invoke all 22 MCP tools (config_set, agent_spawn, blackboard_write, token_*) with no credentials. This issue was fixed in version 5.7.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Jovancoding","product":"Network-AI","versions":[{"version":"< 5.7.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:42:39.963767Z","id":"CVE-2026-48814","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/Jovancoding/Network-AI/releases/tag/v5.7.2","source":"security-advisories@github.com"},{"url":"https://github.com/Jovancoding/Network-AI/security/advisories/GHSA-r78r-rwrf-rjwp","source":"security-advisories@github.com"},{"url":"https://github.com/advisories/GHSA-j3vx-cx2r-pvg8","source":"security-advisories@github.com"},{"url":"https://github.com/Jovancoding/Network-AI/security/advisories/GHSA-r78r-rwrf-rjwp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48817","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T20:17:22.427","lastModified":"2026-06-26T19:18:13.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route(...) without an explicit methods= argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler. An application (including Starlette-based frameworks like FastAPI) is affected if it registers an HTTPEndpoint subclass via Route(...) without explicitly setting methods=, and that subclass includes extra methods named like non-standard HTTP verbs that take one request argument and return a response. This issue has been fixed in version 1.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Kludex","product":"starlette","versions":[{"version":"< 1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:49:36.586536Z","id":"CVE-2026-48817","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-470"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*","versionEndExcluding":"1.1.0","matchCriteriaId":"DD48D170-564B-4AAB-8092-6DE121E58626"}]}]}],"references":[{"url":"https://github.com/Kludex/starlette/releases/tag/1.1.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/Kludex/starlette/security/advisories/GHSA-x746-7m8f-x49c","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50107","sourceIdentifier":"f5sirt@f5.com","published":"2026-06-17T20:17:23.960","lastModified":"2026-06-22T15:00:58.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX Gateway Fabric","defaultStatus":"unknown","modules":["Custom Resource Definitions"],"versions":[{"version":"2.3.0","lessThan":"2.6.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:57:49.527832Z","id":"CVE-2026-50107","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.6.4","matchCriteriaId":"561F238A-378C-4094-8B53-615F901ABC91"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161785","source":"f5sirt@f5.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54387","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T20:17:27.480","lastModified":"2026-06-22T18:43:10.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tinyproxy","product":"tinyproxy","defaultStatus":"affected","repo":"https://github.com/tinyproxy/tinyproxy","versions":[{"version":"0","lessThanOrEqual":"1.11.3","versionType":"semver","status":"affected"},{"version":"ff45d3bf0e61d0f8ed97ab379d3047f04eb67521","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:10:38.925525Z","id":"CVE-2026-54387","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://github.com/tinyproxy/tinyproxy/commit/ff45d3bf0e61d0f8ed97ab379d3047f04eb67521","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tinyproxy/tinyproxy/issues/609","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tinyproxy/tinyproxy/pull/610","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-cl-te-desynchronization","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-54388","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T20:17:27.623","lastModified":"2026-06-22T18:43:10.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tinyproxy","product":"tinyproxy","defaultStatus":"affected","repo":"https://github.com/tinyproxy/tinyproxy","versions":[{"version":"0","lessThanOrEqual":"1.11.3","versionType":"semver","status":"affected"},{"version":"364cdb67e0ea00a8e4a7037e2693e0711e816adb","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:33:31.245200Z","id":"CVE-2026-54388","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tinyproxy/tinyproxy/issues/609","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tinyproxy/tinyproxy/pull/610","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-duplicate-content-length-headers","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tinyproxy/tinyproxy/issues/609","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55199","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T20:17:28.520","lastModified":"2026-06-26T19:16:37.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"libssh2","product":"libssh2","defaultStatus":"unaffected","repo":"https://github.com/libssh2/libssh2","versions":[{"version":"0","lessThanOrEqual":"1.11.1","versionType":"semver","status":"affected"},{"version":"17626857d20b3c9a1addfa45979dadcee1cd84a4","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:31:38.712448Z","id":"CVE-2026-55199","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*","versionEndIncluding":"1.11.1","matchCriteriaId":"00D62356-F677-41CF-AC66-2871AD2112BA"}]}]}],"references":[{"url":"https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/libssh2/libssh2/pull/1864","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://www.vulncheck.com/advisories/libssh2-pre-authentication-dos-via-ssh-msg-ext-info-handler","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-55201","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T20:17:29.093","lastModified":"2026-06-23T15:17:24.710","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download_dir() function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem command output that are passed unsanitized to File.join(). Attackers controlling the remote server can exploit this to overwrite sensitive client-side files such as SSH authorized_keys or shell configuration files, achieving persistent access or privilege escalation on the client machine."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Hackplayers","product":"evil-winrm","defaultStatus":"unaffected","repo":"https://github.com/Hackplayers/evil-winrm","versions":[{"version":"0","lessThanOrEqual":"3.9","versionType":"custom","status":"affected"},{"version":"6ecd570a298562dc72ad73978307eb34182f5850","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:49:52.347715Z","id":"CVE-2026-55201","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/Hackplayers/evil-winrm/commit/6ecd570a298562dc72ad73978307eb34182f5850","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Hackplayers/evil-winrm/pull/81","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/evil-winrm-path-traversal-in-download-dir-function","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-55202","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T20:17:29.250","lastModified":"2026-06-23T03:16:41.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger unauthorized access to internal proxy statistics or misroute requests as transparent proxy connections to circumvent access controls."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tinyproxy","product":"tinyproxy","defaultStatus":"unaffected","repo":"https://github.com/tinyproxy/tinyproxy","versions":[{"version":"0","lessThanOrEqual":"1.11.3","versionType":"semver","status":"affected"},{"version":"09312a185ae25cc486b4ff5987638a7917a48bce","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:03:31.233580Z","id":"CVE-2026-55202","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce","source":"disclosure@vulncheck.com"},{"url":"https://github.com/tinyproxy/tinyproxy/pull/606","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/evil-winrm-path-traversal-in-download-dir-function","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-48821","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T21:16:23.247","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted into the DOM using innerHTML without proper sanitization. The issue originates from the interaction between the backend thumbnail update endpoint and the frontend JavaScript responsible for rendering update progress. On the backend, the ThumbnailsController::ajaxUpdate method returns bookmark data formatted using the 'raw' formatter. This includes the unescaped bookmark title in the JSON response. On the client side, the script thumbnails-update.js processes this AJAX response and dynamically updates the progress interface. Administrators using the thumbnail synchronization feature are affected and exploitation could lead to session hijacking, privilege escalation, backdoor injection and full compromise. This issue has been fixed in version 0.16.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"shaarli","product":"Shaarli","versions":[{"version":"< 0.16.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:56:58.369827Z","id":"CVE-2026-48821","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/shaarli/Shaarli/releases/tag/v0.16.2","source":"security-advisories@github.com"},{"url":"https://github.com/shaarli/Shaarli/security/advisories/GHSA-mw63-f9qj-c5h3","source":"security-advisories@github.com"},{"url":"https://github.com/shaarli/Shaarli/security/advisories/GHSA-mw63-f9qj-c5h3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48979","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T21:16:23.410","lastModified":"2026-06-23T16:04:55.583","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PHP Standard Library (PSL) is set of APIs covering async, collections, networking, I/O, cryptography, terminal UI, etc. In versions 6.1.0, 6.1.1 and 6.2.0, the Psl\\H2\\ServerConnection does not validate that the total bytes received in DATA frames match the content-length header declared in the HEADERS frame, allowing request smuggling. This is in violation of RFC 9113 §8.1.1. A malicious client is able to send more DATA bytes than declared, smuggling additional content past application-level size limits and send fewer DATA bytes than declared and close the stream early, causing applications that trust the declared length to behave incorrectly.\nThe vulnerability is only reachable for consumers using Psl\\H2\\ServerConnection directly to accept untrusted client traffic. Consumers of documented high-level PSL APIs are not affected. This issue has been fixed in versions 6.1.2 and 6.2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"php-standard-library","product":"php-standard-library","versions":[{"version":">= 6.1.0, < 6.1.2","status":"affected"},{"version":">= 6.2.0, < 6.2.1","status":"affected"}]},{"vendor":"php-standard-library","product":"php-standard-library/h2","versions":[{"version":">= 6.1.0, < 6.1.2","status":"affected"},{"version":">= 6.2.0, < 6.2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:11:22.051909Z","id":"CVE-2026-48979","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://github.com/php-standard-library/php-standard-library/releases/tag/6.1.2","source":"security-advisories@github.com"},{"url":"https://github.com/php-standard-library/php-standard-library/releases/tag/6.2.1","source":"security-advisories@github.com"},{"url":"https://github.com/php-standard-library/php-standard-library/security/advisories/GHSA-pw9p-jvrm-f7rm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48988","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T21:16:23.563","lastModified":"2026-06-24T19:06:21.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic (O(n^2)) processing in the smartquotes rule. The issue stems from repeatedly modifying strings with replaceAt(), which performs O(n) slicing and concatenation per quote character. This can cause excessive CPU consumption when parsing quote-heavy, user-supplied markdown and may let attackers degrade or disrupt service availability. Although typographer is disabled by default, many production apps enable it for smart typography, making the issue relevant. This issue has been fixed in version 14.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"markdown-it","product":"markdown-it","versions":[{"version":"< 14.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:41:23.675536Z","id":"CVE-2026-48988","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:markdown-it_project:markdown-it:*:*:*:*:*:*:*:*","versionEndExcluding":"14.2.0","matchCriteriaId":"6876B7CA-66C6-46C9-ACFF-5AE8B8BF8F49"}]}]}],"references":[{"url":"https://github.com/markdown-it/markdown-it/commit/9ce2087562c45d1e5ddd9f76b990f4b3fbe040e5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6v5v-wf23-fmfq","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6v5v-wf23-fmfq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49133","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T21:16:23.720","lastModified":"2026-06-23T15:16:00.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument. Attackers can bypass traversal-prevention controls in Storage::getFolderPath() to access sensitive files."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"typemill","product":"typemill","defaultStatus":"affected","repo":"https://github.com/typemill/typemill","versions":[{"version":"0","lessThan":"2.24.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:56:08.627763Z","id":"CVE-2026-49133","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/typemill/typemill/commit/bfbb27001acd5c56ad62166dbefe6a59798cf1c0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/typemill/typemill/releases/tag/v2.24.2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/typemill-path-traversal-via-controllerapiimage-getpagemedia","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-12530","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-06-17T22:16:20.740","lastModified":"2026-06-22T16:40:18.473","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >= 1.1.3 and < 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments.\n\n\n\nTo mitigate this issue, users should upgrade to version 1.6.1."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"AWS","product":"bedrock-agentcore","defaultStatus":"unaffected","versions":[{"version":"1.1.3","lessThan":"1.6.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:52:43.712722Z","id":"CVE-2026-12530","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-044-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://pypi.org/project/bedrock-agentcore/1.6.1/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-48820","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:22.110","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cakephp","product":"cakephp","versions":[{"version":">= 5.3.0, < 5.3.6","status":"affected"},{"version":">= 5.2.0, < 5.2.13","status":"affected"},{"version":">= 5.0.0, < 5.1.7","status":"affected"},{"version":">= 4.6.0, < 4.6.4","status":"affected"},{"version":"< 4.5.11","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:52:33.657255Z","id":"CVE-2026-48820","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://github.com/cakephp/cakephp/security/advisories/GHSA-wpvj-hjcr-h3p2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48989","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:23.040","lastModified":"2026-06-23T16:05:19.737","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS (allow_origins=*, allow_methods=*, allow_headers=*). Because the same server also exposed a PowerShell tool that executes caller-controlled commands as the Windows user running Windows-MCP, attackers could reach the control plane from arbitrary origins or non-browser clients and achieve arbitrary PowerShell execution. This issue was fixed in version 0.7.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"CursorTouch","product":"Windows-MCP","versions":[{"version":"< 0.7.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:43:54.214198Z","id":"CVE-2026-48989","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/CursorTouch/Windows-MCP/releases/tag/v0.7.5","source":"security-advisories@github.com"},{"url":"https://github.com/CursorTouch/Windows-MCP/security/advisories/GHSA-vrxg-gm77-7q5g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48990","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:23.270","lastModified":"2026-06-23T15:50:59.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.max_payload_length, which can lead to resource exhaustion. The normal JWS compact and flattened JSON paths reject payloads above the configured payload-size limit with ExceededSizeError. The RFC7797 unencoded payload paths do not make the same check. A valid b64=false compact or flattened JSON JWS can therefore deserialize successfully with a payload larger than JWSRegistry.max_payload_length. Applications that accept lower-trust JWS values and rely on joserfc to reject oversized token content during verification have a moderate availability risk. This issue has been fixed in version 1.6.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"authlib","product":"joserfc","versions":[{"version":"< 1.6.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:51:44.745917Z","id":"CVE-2026-48990","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/authlib/joserfc/releases/tag/1.6.7","source":"security-advisories@github.com"},{"url":"https://github.com/authlib/joserfc/security/advisories/GHSA-wphv-vfrh-23q5","source":"security-advisories@github.com"},{"url":"https://github.com/authlib/joserfc/security/advisories/GHSA-wphv-vfrh-23q5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48991","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:23.507","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-initiated login under certain local attack conditions. Affected versions relied on a fixed localhost redirect URI without PKCE or state validation. Exploitation is most likely to occur when an attacker is able to observe, intercept, or otherwise interfere with the local authentication flow on the same device. This issue has been fixed in version 1.5.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"XianYuLauncher","product":"XianYuLauncher","versions":[{"version":"< 1.5.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:54:05.147617Z","id":"CVE-2026-48991","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/XianYuLauncher/XianYuLauncher/pull/213","source":"security-advisories@github.com"},{"url":"https://github.com/XianYuLauncher/XianYuLauncher/security/advisories/GHSA-q6r9-qxmf-8hfx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48997","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:23.737","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"e107 is a content management system (CMS). Versions  2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize_image(), the source path is escaped with escapeshellarg(), but the destination path is inserted inside raw double quotes in the convert command; in the submit-news upload flow, that destination filename includes the first six characters of user-controlled news title input. Because the title filter removes literal spaces but not tab characters, and shell expansions such as $(...) and backticks can survive into the quoted destination argument, /bin/sh -c may evaluate attacker-controlled input. Exploitation is possible only when all of the following non-default settings are enabled: resize_method=ImageMagick, subnews_attach=1, upload_enabled=1, subnews_resize is numeric between 30 and 5000, and the attacker is a non-admin in classes permitted by both subnews_class and upload_class. This issue has been fixed in version 2.3.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"e107inc","product":"e107","versions":[{"version":"< 2.3.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:05:40.518821Z","id":"CVE-2026-48997","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/e107inc/e107/releases/tag/v2.3.6","source":"security-advisories@github.com"},{"url":"https://github.com/e107inc/e107/security/advisories/GHSA-3j33-c9v4-4p42","source":"security-advisories@github.com"},{"url":"https://github.com/e107inc/e107/security/advisories/GHSA-3j33-c9v4-4p42","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50194","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:23.983","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port (`Management:Endpoints:Port` is configured), the middleware responsible for restricting access to the endpoints uses the `Host` HTTP header rather than the actual network socket port. Versions 3.4.0 and 4.2.0 patch the issue. If an immediate upgrade to a patched version is not possible, add explicit ASP.NET Core authorization (`RequireAuthorization`) to all sensitive actuator endpoints as a defense-in-depth measure independent of port isolation and/or configure the reverse proxy or load balancer to enforce the `Host` header value and prevent clients from setting an arbitrary port."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"SteeltoeOSS","product":"Steeltoe.Management.Endpoint","versions":[{"version":"< 4.2.0","status":"affected"}]},{"vendor":"SteeltoeOSS","product":"Steeltoe.Management.EndpointCore","versions":[{"version":">= 3.2.2, < 3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:12:36.389640Z","id":"CVE-2026-50194","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/4cbc352fe89ac2e6c609554e435ab28996fec5e9","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/b7ca93c510aaa08d7e4ebec40ce20c5811c2c4b6","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-58f6-6rj2-3v8r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50196","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:24.210","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, `DataCenterInfo.FromJson` throws `ArgumentException` for any `name` value other than `\"MyOwn\"` or `\"Amazon\"`, despite the Java Eureka specification defining a third valid value: `\"Netflix\"`. The exception propagates through the entire registry deserialization chain and is swallowed by the periodic cache refresh task, leaving the local service registry permanently empty or stale. Versions 4.2.0 and 3.4.0 patch the issue. If an immediate upgrade is not possible, remove any registrations using unsupported `DataCenterInfo.name` values from the registry. In mixed Java/Spring and Steeltoe environments, audit for the `Netflix` data center type before deploying Steeltoe Eureka clients."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"SteeltoeOSS","product":"Steeltoe.Discovery.Eureka","versions":[{"version":">= 4.0.0, < 4.2.0","status":"affected"},{"version":"< 3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:49:01.345133Z","id":"CVE-2026-50196","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/b8ed8557bb595863e4f340051d16b26ba40a75f4","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/c34a7399e808d0d11dd977460e81df1f2722df28","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-j8ph-6fxj-g533","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50200","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T22:16:24.453","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the `Sanitizer` component in the Environment actuator redacts configuration values by matching the configuration key name against a suffix list. The default list (`password`, `secret`, `key`, `token`, `.*credentials.*`, `vcap_services`) does not cover the standard .NET pattern `ConnectionStrings:<name>` or Steeltoe Connectors' `Steeltoe:Client:<type>:Default:ConnectionString`. There is no value-based scrubbing, so full connection string values including embedded `Password=` and `user:pass@host` segments are returned verbatim in `/actuator/env` responses. Steeltoe.Management.Endpoint 4.2.0 and Steeltoe.Management.EndpointCore 3.4.0 patch the issue. If an immediate upgrade is not possible: On the standard path, remove `env` from the actuator exposure list; add `.*connectionstring.*` to `KeysToSanitize` as a defense-in-depth measure for both paths; and/or require authorization on actuator endpoints."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"SteeltoeOSS","product":"Steeltoe.Management.Endpoint","versions":[{"version":"< 4.2.0","status":"affected"}]},{"vendor":"SteeltoeOSS","product":"Steeltoe.Management.EndpointCore","versions":[{"version":"< 3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:44:57.861073Z","id":"CVE-2026-50200","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/bef9f14b710232fca3fbe87e48fdd1b9e6b60d43","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/e50cd31a429b191841120f0d38fa9dda8f751b0a","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-q62h-354g-5r85","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54386","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-17T22:16:24.690","lastModified":"2026-06-23T15:16:00.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal. Attackers can craft a malicious link with a payload beginning with __new__ to bypass the 404 check and inject JavaScript into the page, which executes without Content-Security-Policy restrictions in the origin of a victim's marimo server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"marimo-team","product":"marimo","defaultStatus":"affected","repo":"https://github.com/marimo-team/marimo","versions":[{"version":"0","lessThan":"0.23.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:48:21.870654Z","id":"CVE-2026-54386","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/marimo-team/marimo/commit/fdd55c8cf6260ae23bb411dc9d9269def5cf75d6","source":"disclosure@vulncheck.com"},{"url":"https://github.com/marimo-team/marimo/pull/9789","source":"disclosure@vulncheck.com"},{"url":"https://github.com/marimo-team/marimo/releases/tag/0.23.9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/marimo-xss-via-file-query-parameter-in-assets-py","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-8049","sourceIdentifier":"cret@cert.org","published":"2026-06-17T22:16:25.070","lastModified":"2026-06-22T17:51:36.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In SignalRGB versions prior to 1.3.7.0, the \\\\.\\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"SignalRGB","product":"SignalRGB kernel driver","versions":[{"version":"0","lessThan":"1.3.7.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:12:10.123796Z","id":"CVE-2026-8049","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://kb.cert.org/vuls/id/380058","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2026-8050","sourceIdentifier":"cret@cert.org","published":"2026-06-17T22:16:25.330","lastModified":"2026-06-22T17:51:36.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"SignalRGB","product":"SignalRGB kernel driver","versions":[{"version":"0","lessThan":"1.3.7.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:14:27.020614Z","id":"CVE-2026-8050","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://kb.cert.org/vuls/id/380058","source":"cret@cert.org"}]}},{"cve":{"id":"CVE-2024-24769","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:02.160","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam sender. Note resetting the MFA token requires a correct password, so the potential impact for this is very low. Version 5.0.0 fixes the issue. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vantage6","product":"vantage6","versions":[{"version":"< 5.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:43:19.829737Z","id":"CVE-2024-24769","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/vantage6/vantage6/blob/main/docs/release_notes.rst#500","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/issues/1932","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-5549-c5q7-fj65","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2024-27928","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:02.790","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1) reset the password via email and then 2) reset the 2FA token via email. This way they reduce 2FA to 1FA (email access). Note that most email providers require 2FA to access email, so this issue is not very likely to cause issues. Version 5.0.0 fixes the issue. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vantage6","product":"vantage6","versions":[{"version":"< 5.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:57:27.690129Z","id":"CVE-2024-27928","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-308"}]}],"references":[{"url":"https://github.com/vantage6/vantage6/blob/main/docs/release_notes.rst#500","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/issues/1932","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-4c5c-2vc3-x5w2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-12565","sourceIdentifier":"cves@blacklanternsecurity.com","published":"2026-06-17T23:17:02.970","lastModified":"2026-06-22T17:45:43.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extraction path traversal was never fixed. On systems with GNU tar < 1.34 (Ubuntu 20.04, Debian Buster, CentOS 7, many Docker base images), a malicious archive can write files outside the intended extraction directory."}],"affected":[{"source":"cves@blacklanternsecurity.com","affectedData":[{"vendor":"Black Lantern Security","product":"BBOT","defaultStatus":"unaffected","repo":"https://github.com/blacklanternsecurity/bbot","versions":[{"version":"2.3.1","lessThanOrEqual":"<=2.8.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:50:54.389353Z","id":"CVE-2026-12565","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/blacklanternsecurity/bbot/commit/4fb38fd6e","source":"cves@blacklanternsecurity.com"}]}},{"cve":{"id":"CVE-2026-12566","sourceIdentifier":"cves@blacklanternsecurity.com","published":"2026-06-17T23:17:03.100","lastModified":"2026-06-22T17:45:43.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens."}],"affected":[{"source":"cves@blacklanternsecurity.com","affectedData":[{"vendor":"Black Lantern Security","product":"BBOT","defaultStatus":"unaffected","repo":"https://github.com/blacklanternsecurity/bbot","versions":[{"version":"2.0.0","lessThanOrEqual":"<=2.8.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:50:29.407349Z","id":"CVE-2026-12566","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/blacklanternsecurity/bbot/commit/c2f4bc0f4","source":"cves@blacklanternsecurity.com"}]}},{"cve":{"id":"CVE-2026-12567","sourceIdentifier":"cves@blacklanternsecurity.com","published":"2026-06-17T23:17:03.220","lastModified":"2026-06-22T17:45:43.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location."}],"affected":[{"source":"cves@blacklanternsecurity.com","affectedData":[{"vendor":"Black Lantern Security","product":"BBOT","defaultStatus":"unaffected","repo":"https://github.com/blacklanternsecurity/bbot","versions":[{"version":"2.0.0","lessThanOrEqual":"<=2.8.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":2.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:50:06.432373Z","id":"CVE-2026-12567","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/blacklanternsecurity/bbot/commit/16d9c42b6","source":"cves@blacklanternsecurity.com"}]}},{"cve":{"id":"CVE-2026-12568","sourceIdentifier":"cves@blacklanternsecurity.com","published":"2026-06-17T23:17:03.340","lastModified":"2026-06-22T17:45:43.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker to write arbitrary files to the user's system."}],"affected":[{"source":"cves@blacklanternsecurity.com","affectedData":[{"vendor":"Black Lantern Security","product":"BBOT","defaultStatus":"unaffected","repo":"https://github.com/blacklanternsecurity/bbot","versions":[{"version":"2.1.0","lessThanOrEqual":"<=2.8.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:47:54.938181Z","id":"CVE-2026-12568","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cves@blacklanternsecurity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/blacklanternsecurity/bbot/commit/36bc20818","source":"cves@blacklanternsecurity.com"}]}},{"cve":{"id":"CVE-2026-44644","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:03.463","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the strip_html filter logic. The strip_html filter is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch (<.*?>) does not match line terminators, so any HTML tag containing a \\n or \\r character passes through unmodified. An attacker who can place a newline inside a tag (e.g. <img\\nsrc=x\\nonerror=alert(1)>) bypasses sanitization entirely, since browsers treat newlines as whitespace within a tag and execute the resulting onerror/onload/etc. handler. Exploitation is possible for applications that both render attacker-controlled strings via {{ x | strip_html }} to defend against HTML injection and do not separately HTML-escape that output (default behavior — outputEscape is unset by default). This issue has been fixed in version 10.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"harttle","product":"liquidjs","versions":[{"version":"< 10.26.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:09:01.490176Z","id":"CVE-2026-44644","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/harttle/liquidjs/commit/26ea2856c7a90aec892b98d94a9b7a3e18539045","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/releases/tag/v10.26.0","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-2qv6-9wx5-cwv4","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-2qv6-9wx5-cwv4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44645","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:03.607","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can be fully bypassed by a {% for %} (or {% tablerow %}) tag whose body is empty. The renderLimit option is documented in docs/source/tutorials/dos.md as the mechanism that \"mitigates this by limiting the time consumed by each render() call.\" The per-iteration time check is reached only when the body contains at least one template node, so a template such as {%- for i in (1..N) -%}{%- endfor -%} iterates the full collection without ever consulting renderLimit. With a configured renderLimit of 50 ms, a single parseAndRenderSync call has been observed to consume 2.26 seconds (~45× over the limit) and scales linearly with N up to memoryLimit, allowing a low-privileged template author to wedge an event-loop thread for an attacker-chosen duration. Deployments that rely on a finite renderLimit for DoS protection (common in multi-tenant template-authoring environments) can still be forced by a single crafted template to monopolize a Node.js event-loop worker for attacker-controlled time, potentially stalling in-flight requests, with availability impact only. This issue has been fixed in version 10.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"harttle","product":"liquidjs","versions":[{"version":"< 10.26.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:05:03.703365Z","id":"CVE-2026-44645","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/harttle/liquidjs/commit/5b9c3469085e01c79e2d0af28e2a13f730e1793d","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/releases/tag/v10.26.0","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-8xx9-69p8-7jp3","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-8xx9-69p8-7jp3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44646","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:03.743","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn() creates a child Context for the {% render %} tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly (the instance-level option), silently discarding any RenderOptions.ownPropertyOnly override that was supplied to parseAndRender(). As a result, a developer who runs a Liquid instance with the backwards-compatible ownPropertyOnly:false and then locks down an untrusted render with parseAndRender(..., { ownPropertyOnly: true }) still leaks prototype-chain properties from inside any {% render %} partial. This is a distinct exploit surface from the previously identified array-filter variants (where, reject, group_by, find, find_index, has) — the underlying root cause in Context.spawn() is shared, but {% render %} is a separately reachable sink that needs no filter usage. This issue has been fixed in version 10.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"harttle","product":"liquidjs","versions":[{"version":"< 10.26.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:45:29.819664Z","id":"CVE-2026-44646","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/harttle/liquidjs/commit/dbbf6288030591bf6da28d8c1cce5a17bca97bb6","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/releases/tag/v10.26.0","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-9x9p-qf8f-mvjg","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-9x9p-qf8f-mvjg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45357","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:03.893","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad()/padStart(), leading to memory and render limit bypass. In src/util/underscore.ts, the pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a single small template ({{ x | date: '%5000000d' }}) produces megabytes of output and unbounded CPU. The memoryLimit and renderLimit options the docs (src/liquid-options.ts:87-92) advertise as DoS controls — and which the docstring explicitly mentions for strftime — are entirely bypassed. Exploitation can cause large memory allocations, high CPU usage, or OOM crashes per render. This issue has been fixed in version 10.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"harttle","product":"liquidjs","versions":[{"version":"< 10.26.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:48:36.994250Z","id":"CVE-2026-45357","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/harttle/liquidjs/commit/3129d46dc95efa357b00e5a57ee1af80a13d72ed","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/releases/tag/v10.26.0","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-hh27-hf48-9f5q","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-hh27-hf48-9f5q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45617","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:04.033","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in strip_html filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many <script, <style, or <!-- opener tokens without matching closers, the V8 regex engine performs O(N²) backtracking, blocking the Node.js event loop. A single ~350 KB request ('<script'.repeat(50000)) stalls the process for ~10 seconds; cost grows quadratically with input size. The default memoryLimit: Infinity does not bound regex CPU, and even when configured strip_html only charges str.length to the limit — the regex itself runs unbounded.  A single unauthenticated request containing crafted untrusted input can cause severe event-loop blocking and CPU amplification that saturates Node.js workers while bypassing memoryLimit protections. This issue has been fixed in version 10.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"harttle","product":"liquidjs","versions":[{"version":"< 10.26.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:46:01.767622Z","id":"CVE-2026-45617","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/harttle/liquidjs/commit/3616a744b9abeb425c217b340a2397d46176afb8","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/releases/tag/v10.26.0","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-r7g9-xpmj-5fcq","source":"security-advisories@github.com"},{"url":"https://github.com/harttle/liquidjs/security/advisories/GHSA-r7g9-xpmj-5fcq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48759","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:04.173","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a non-guest member of the provided workspaceId, but then operate on themeTemplateId via Prisma queries that do NOT include workspaceId in the WHERE clause. This allows any authenticated user to modify or delete theme templates belonging to any other workspace and may expose Template IDs via shared typebots or network traffic. This issue has been fixed in version 3.16.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"baptisteArno","product":"typebot.io","versions":[{"version":"< 3.16.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:47:24.308701Z","id":"CVE-2026-48759","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/baptisteArno/typebot.io/releases/tag/v3.16.0","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-qv4p-4mp3-pvpv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50201","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:04.313","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to `EndpointPermissions.Restricted`, which is mappeds to Cloud Foundry's `read_basic_data` permission (granted to Space Auditors and similar low-trust roles). Sensitive actuators including heap dump, environment, and thread dump do not raise this to `EndpointPermissions.Full`, so CF's `read_sensitive_data` permission flag is not enforced for those endpoints. Spring Boot's equivalent Cloud Foundry integration gates these endpoints with `read_sensitive_data` by default. Steeltoe.Management.Endpoint 4.2.0 and Steeltoe.Management.EndpointCore 3.4.0 patch the issue. If an immediate upgrade is not possible, explicitly set `RequiredPermissions = EndpointPermissions.Full` in the options for `HeapDumpEndpointOptions`, `EnvironmentEndpointOptions`, and `ThreadDumpEndpointOptions`; and/or if heap dump, thread dump, or environment are not needed in production, register only the required actuators individually instead of using `AddAllActuators()`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"SteeltoeOSS","product":"Steeltoe.Management.Endpoint","versions":[{"version":"< 4.2.0","status":"affected"}]},{"vendor":"SteeltoeOSS","product":"Steeltoe.Management.EndpointBase","versions":[{"version":"< 3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:50:30.548433Z","id":"CVE-2026-50201","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/b39defa4db5f44f8696c456866b3a5b900d8d96b","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/da6c604decd992f61aeef763f5814102dcb088c7","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-227r-jm2g-7cp4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50202","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:04.450","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and Steeltoe.Security.Authentication.OpenIdConnect prior to version 4.2.0, the JWT signing key cache in `TokenKeyResolver` uses `kid` as the sole cache key without namespacing by authority. In applications with multiple `JwtBearer` schemes pointing to different identity providers, a key fetched for one scheme can satisfy token validation for another. Additionally, cached keys have no expiration, so rotated or revoked keys remain trusted until the application process restarts. Steeltoe.Security.Authentication.CloudFoundryBase version 3.4.0, Steeltoe.Security.Authentication.JwtBearer version 4.2.0, and Steeltoe.Security.Authentication.OpenIdConnect version 4.2.0 patch the issue. If an immediate upgrade is not possible: In multi-scheme deployments, configure only one `JwtBearer` scheme per application when different identity providers are required; and/or restart the application process after an identity provider signing key rotation to clear stale cached keys."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"SteeltoeOSS","product":"Steeltoe.Security.Authentication.CloudFoundryBase","versions":[{"version":"< 3.4.0","status":"affected"}]},{"vendor":"SteeltoeOSS","product":"Steeltoe.Security.Authentication.JwtBearer","versions":[{"version":"< 4.2.0","status":"affected"}]},{"vendor":"SteeltoeOSS","product":"Steeltoe.Security.Authentication.OpenIdConnect","versions":[{"version":"< 4.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:08:02.726405Z","id":"CVE-2026-50202","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/04db2ace3b806bfe0260bb7d4bda340f241eff48","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/17b27b8be546ae3f83a2f6e91d45e0c84c5314b7","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-7fqc-p256-7pwj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50267","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:04.590","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from `VCAP_SERVICES` include TLS client credentials, the Connectors library writes those credentials to temporary files in `Path.GetTempPath()` using `File.CreateText`. On Linux, `File.CreateText` creates files with mode `0644` (world-readable) under the process umask, and the files are never deleted. The same key material is protected at mode `0400` in `/proc/<pid>/environ`. Steeltoe.Configuration.Abstractions version 4.2.0 patches the issue. If an immediate upgrade is not possible, prevent other processes from running in the container under a different UID with access to `/tmp`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"SteeltoeOSS","product":"Steeltoe.Configuration.Abstractions","versions":[{"version":">= 4.0.0, < 4.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:10:46.830420Z","id":"CVE-2026-50267","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-312"},{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/8dd97cc6c4b184121a4bd1f92f9ac16918433471","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-rxrh-4j9h-xgg9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50268","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:04.730","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring `encrypt:rsa:algorithm=OAEP` does not enable OAEP encryption. Due to an incorrect BouncyCastle transformation string, the `OAEP` setting selects PKCS#1 v1.5, which is the same algorithm as the `DEFAULT` setting. Steeltoe.Configuration.Encryption version 4.2.0 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"SteeltoeOSS","product":"Steeltoe.Configuration.Encryption","versions":[{"version":">= 4.0.0, < 4.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:46:22.767424Z","id":"CVE-2026-50268","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-256"},{"lang":"en","value":"CWE-327"}]}],"references":[{"url":"https://github.com/SteeltoeOSS/Steeltoe/commit/6cfee5cccddf8f9a31de69b0ca5ccdd771b73e5b","source":"security-advisories@github.com"},{"url":"https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-4j9m-h44m-2hv8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53676","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-06-17T23:17:04.870","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN)."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"ThingsBoard","product":"ThingsBoard","versions":[{"version":"prior to v4.3.1.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:35:44.053985Z","id":"CVE-2026-53676","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/thingsboard/thingsboard/pull/15600","source":"vultures@jpcert.or.jp"},{"url":"https://jvn.jp/en/jp/JVN16937365/","source":"vultures@jpcert.or.jp"},{"url":"https://thingsboard.io/docs/releases/releases-table/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-54445","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:05.030","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and password `root`. This is not ideal because attackers know that almost all vantage6 servers have a user with username `root` that probably has admin rights, and the initial password is very weak and it is possible that administrators forget to reset it. Version 5.0.0 fixes the issue. As a workaround, it is possible to delete the `root` user after it has been used to create other users."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vantage6","product":"vantage6","versions":[{"version":"< 5.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:49:25.888301Z","id":"CVE-2026-54445","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-204"},{"lang":"en","value":"CWE-1393"}]}],"references":[{"url":"https://github.com/vantage6/vantage6/blob/main/docs/release_notes.rst#500","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/issues/1932","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-fgmc-2hqj-86v4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54533","sourceIdentifier":"security-advisories@github.com","published":"2026-06-17T23:17:05.167","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to run on the node."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vantage6","product":"vantage6","versions":[{"version":"< 5.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:36:46.635453Z","id":"CVE-2026-54533","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://docs.vantage6.ai/usage/running-the-node/security","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/blob/main/docs/release_notes.rst#500","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/issues/1932","source":"security-advisories@github.com"},{"url":"https://github.com/vantage6/vantage6/security/advisories/GHSA-x9f6-9rvm-mmrg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48764","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T00:16:23.363","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard. The validator resolves the hostname and approves it, but the later request path performs a fresh resolution and connects to whatever IP the hostname maps to at that moment. The actual outbound request is then performed later using the original hostname, without pinning the validated IP to the network connection. An attacker who can supply a URL to a public bot that performs a server-side HTTP Request block or server-side script fetch can use DNS rebinding to pass the initial validation and still force the server to connect to a private or metadata address during the real request. This enables server-side access to private network services, cloud metadata endpoints, and other internal HTTP targets that the validator was intended to block. The exact downstream impact depends on the reachable internal services. Concrete consequences include metadata disclosure, access to internal admin panels, credential theft from metadata services, and further compromise through internal-only HTTP interfaces. This issue has been fixed in version 3.17.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"baptisteArno","product":"typebot.io","versions":[{"version":"< 3.17.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:06:39.058527Z","id":"CVE-2026-48764","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/baptisteArno/typebot.io/commit/f56c3c3f771df13a8c11e88f500dfdd78981bed1","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.2","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-hgqq-whf5-mrrf","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-hgqq-whf5-mrrf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48768","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T00:16:23.887","lastModified":"2026-06-22T18:27:30.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any anonymous visitor to a published bot with a file input can upload attacker-controlled HTML, SVG, or JS to attacker-chosen subpaths, including other tenants’ publicly served result paths, enabling arbitrary content hosting and potential stored XSS on the storage origin. ../ traversal is blocked by S3/MinIO canonicalization (signature mismatch), but forward-slash path injection is exploitable. This issue has been fixed in version 3.17.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"baptisteArno","product":"typebot.io","versions":[{"version":"< 3.17.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:01:18.948671Z","id":"CVE-2026-48768","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/baptisteArno/typebot.io/releases/tag/v3.17.0","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-fp7x-6pqh-vhvf","source":"security-advisories@github.com"},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-fp7x-6pqh-vhvf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55740","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-18T06:16:57.917","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad) contains an unauthenticated SQL injection vulnerability in bus_info.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query (select * from bus_info where id=$busid) without sanitization, escaping, or parameterization, and in a numeric (unquoted) context. A remote, unauthenticated attacker can inject arbitrary SQL — for example a UNION-based payload such as busid=-1 UNION SELECT 1,2,3,4,5,6 — to read arbitrary data from the bus_service database. The application connects to the database as the MySQL root account with an empty password, increasing the potential impact. The query is executed via mysqli_query(), which does not permit stacked (semicolon-separated) statements."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"Nur-Alam39","product":"bus-ticket","defaultStatus":"affected","collectionURL":"https://github.com/Nur-Alam39/bus-ticket","programFiles":["bus_info.php"],"repo":"https://github.com/Nur-Alam39/bus-ticket"}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:55:37.171019Z","id":"CVE-2026-55740","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/Nur-Alam39/bus-ticket","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Nur-Alam39/bus-ticket/blob/459cabdbeb99c00225b26e46e3c2c30ae1de7bad/bus_info.php#L14-L16","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-28573","sourceIdentifier":"security@android.com","published":"2026-06-18T08:16:33.853","lastModified":"2026-06-22T18:16:35.153","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."}],"affected":[{"source":"security@android.com","affectedData":[{"vendor":"Google","product":"Android","defaultStatus":"unaffected","platforms":["Wear OS"],"versions":[{"version":"14","status":"affected"},{"version":"16","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@android.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:00:21.728022Z","id":"CVE-2026-28573","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*","matchCriteriaId":"2700BCC5-634D-4EC6-AB67-5B678D5F951D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*","matchCriteriaId":"02882AB1-7993-47DD-84A0-8DF4272D85ED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:samsung:wear_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D9250467-F69C-4822-B7F9-376ADD2127A3"}]}]}],"references":[{"url":"https://source.android.com/docs/security/bulletin/wear/2026/2026-06-01","source":"security@android.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55741","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-18T08:16:33.977","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action ('a=update') processes POST data via cot_config_update_options() without calling cot_check_xg() to validate the anti-CSRF token (the 'x' parameter), unlike other admin handlers (e.g. admin.structure.php, admin.cache.php). A remote attacker who lures an authenticated administrator into visiting a malicious page can force the browser to submit a forged request that modifies arbitrary core, module, or plugin configuration options, which can be leveraged to weaken security or enable further compromise."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"Cotonti","product":"Cotonti","defaultStatus":"affected","collectionURL":"https://github.com/Cotonti/Cotonti","programFiles":["system/admin/admin.config.php"],"repo":"https://github.com/Cotonti/Cotonti","versions":[{"version":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:53:45.770119Z","id":"CVE-2026-55741","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/Cotonti/Cotonti","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Cotonti/Cotonti/blob/f43f1fc38ba4e02027786dad9dac1435c7c52b30/system/admin/admin.config.php#L55","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-55742","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-18T08:16:34.100","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action ('a=update') modifies group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate the anti-CSRF token. A remote attacker who lures an authenticated administrator into visiting a malicious page can force the browser to submit a forged request that grants elevated permissions to an attacker-controlled group, escalating privileges to administrator. Because Cotonti administrators can modify templates and configuration, this can be further leveraged toward remote code execution."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"Cotonti","product":"Cotonti","defaultStatus":"affected","collectionURL":"https://github.com/Cotonti/Cotonti","programFiles":["system/admin/admin.rights.php"],"repo":"https://github.com/Cotonti/Cotonti","versions":[{"version":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:54:26.923984Z","id":"CVE-2026-55742","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/Cotonti/Cotonti","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Cotonti/Cotonti/blob/f43f1fc38ba4e02027786dad9dac1435c7c52b30/system/admin/admin.rights.php#L53","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-55744","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-18T08:16:34.223","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.main.php, the file upload action ('a=upload') processes uploaded files without calling cot_check_xg() to validate the anti-CSRF token, even though sibling actions such as 'delete' (line 272) do. A remote attacker who lures an authenticated user into visiting a malicious page can force the browser to submit a forged multipart request that uploads arbitrary files into the victim's PFS storage."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"Cotonti","product":"Cotonti","defaultStatus":"affected","collectionURL":"https://github.com/Cotonti/Cotonti","programFiles":["modules/pfs/inc/pfs.main.php"],"repo":"https://github.com/Cotonti/Cotonti","versions":[{"version":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:52:14.807252Z","id":"CVE-2026-55744","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/Cotonti/Cotonti","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Cotonti/Cotonti/blob/f43f1fc38ba4e02027786dad9dac1435c7c52b30/modules/pfs/inc/pfs.main.php#L118","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-55745","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-18T08:16:34.337","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.editfolder.php, the folder update action ('a=update') updates folder metadata (title, description, public/gallery flags) without calling cot_check_xg() to validate the anti-CSRF token. A remote attacker who lures an authenticated user into visiting a malicious page can force the browser to submit a forged request that modifies the victim's folder metadata, including making a private folder public."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"Cotonti","product":"Cotonti","defaultStatus":"affected","collectionURL":"https://github.com/Cotonti/Cotonti","programFiles":["modules/pfs/inc/pfs.editfolder.php"],"repo":"https://github.com/Cotonti/Cotonti","versions":[{"version":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:53:00.493151Z","id":"CVE-2026-55745","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/Cotonti/Cotonti","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Cotonti/Cotonti/blob/f43f1fc38ba4e02027786dad9dac1435c7c52b30/modules/pfs/inc/pfs.editfolder.php#L90","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-55746","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-18T08:16:34.453","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder title (pff_title) is imported with the 'TXT' filter, which does not strip or encode HTML (the tag check in cot_import is disabled), so an authenticated user can store HTML/JavaScript in a folder title. In modules/pfs/inc/pfs.main.php the title is assigned to the template variable PFF_ROW_TITLE without htmlspecialchars(), and modules/pfs/tpl/pfs.tpl outputs {PFF_ROW_TITLE} unescaped. When the folder listing is viewed (including by other users for public folders), the injected script executes in the victim's browser."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"Cotonti","product":"Cotonti","defaultStatus":"affected","collectionURL":"https://github.com/Cotonti/Cotonti","programFiles":["modules/pfs/inc/pfs.main.php"],"repo":"https://github.com/Cotonti/Cotonti","versions":[{"version":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:31:56.717274Z","id":"CVE-2026-55746","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/Cotonti/Cotonti","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/Cotonti/Cotonti/blob/f43f1fc38ba4e02027786dad9dac1435c7c52b30/modules/pfs/inc/pfs.main.php#L396","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-9815","sourceIdentifier":"contact@wpscan.com","published":"2026-06-18T08:16:34.590","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"MagicForm","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"0.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:15:01.241479Z","id":"CVE-2026-9815","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/043f449f-fc65-4218-83d2-7742e62f2af3/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2025-10560","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-06-18T13:25:14.750","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources."}],"affected":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","affectedData":[{"vendor":"Silver Leaf Technologies, Inc.","product":"Worksnaps.net Worksnaps","defaultStatus":"unaffected","versions":[{"version":"Worksnaps before 1.6.20260201","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:38:47.478868Z","id":"CVE-2025-10560","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://r.sec-consult.com/worksnaps","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"https://www.worksnaps.net/www/download.shtml","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2026/Jun/21","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-50643","sourceIdentifier":"cvd@cert.pl","published":"2026-06-18T13:25:41.537","lastModified":"2026-06-22T17:49:05.150","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cvd@cert.pl","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of #line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays.\nBy supplying invalid or oversized line numbers, an attacker can trigger out-of-bounds memory access and a crash.\n\nMaintainer of this project was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Version corresponding to the commit b480958 was tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"rui314","product":"8cc","defaultStatus":"unknown","repo":"https://github.com/rui314/8cc","versions":[{"version":"b480958","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:17:47.845488Z","id":"CVE-2026-50643","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/06/CVE-2026-50641","source":"cvd@cert.pl"},{"url":"https://github.com/rui314/8cc","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-8811","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-06-18T13:25:46.147","lastModified":"2026-06-22T19:45:16.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations."}],"affected":[{"source":"vulnerability@ncsc.ch","affectedData":[{"vendor":"SEPPmail AG","product":"Secure Email Gateway","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"15.0.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:09:49.487273Z","id":"CVE-2026-8811","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#possible-path-traversal-vulnerability","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2026-11717","sourceIdentifier":"cve-coordination@google.com","published":"2026-06-18T14:17:20.013","lastModified":"2026-06-22T20:18:53.300","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox.\n\nWhen verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp struct where the Active field is declared as a pointer to a boolean (*bool). The code only explicitly rejects a token if the response contains a populated active field set to false (if introspectResp.Active != nil && !*introspectResp.Active). If an introspection endpoint responds with a payload that completely omits the mandatory active key, the internal variable remains nil, causing the conditional check to short-circuit. As a result, Toolbox accepts authorization tokens missing the \"active\" field, granting access to protected tools and underlying data sources."}],"affected":[{"source":"cve-coordination@google.com","affectedData":[{"vendor":"Google","product":"MCP Toolbox for Databases (googleapis/mcp-toolbox)","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThanOrEqual":"1.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:23:05.330652Z","id":"CVE-2026-11717","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/googleapis/mcp-toolbox/pull/3341","source":"cve-coordination@google.com"}]}},{"cve":{"id":"CVE-2026-11718","sourceIdentifier":"cve-coordination@google.com","published":"2026-06-18T14:17:20.190","lastModified":"2026-06-22T20:18:53.300","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox.\n\nWhen the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an introspectResp struct. However, the subsequent claim-checking logic (validateClaims) evaluates the issuer condition as if a.issuer != \"\" && iss != \"\". If the external OAuth provider's introspection response omits the optional iss (issuer) field completely, the variable iss defaults to an empty string. This causes the conditional block to evaluate to false and be skipped silently. Consequently, the application accepts tokens issued by unauthorized or unintended third-party identity providers."}],"affected":[{"source":"cve-coordination@google.com","affectedData":[{"vendor":"Google","product":"MCP Toolbox for Databases (googleapis/mcp-toolbox)","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThanOrEqual":"1.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:01:08.666194Z","id":"CVE-2026-11718","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/googleapis/mcp-toolbox/pull/3360","source":"cve-coordination@google.com"}]}},{"cve":{"id":"CVE-2026-11719","sourceIdentifier":"cve-coordination@google.com","published":"2026-06-18T14:17:20.357","lastModified":"2026-06-22T20:18:53.300","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers.\n\nWhile the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol versions (2025-06-18, 2025-03-26, and 2024-11-05) omit this check. An authenticated client with low-privilege tokens (e.g., read) can bypass the intended per-tool scope restrictions and execute high-privilege tools (e.g., admin) simply by specifying an older protocol version in the MCP-Protocol-Version header, or by omitting the header entirely (which causes the server to default to the vulnerable 2024-11-05 handler)."}],"affected":[{"source":"cve-coordination@google.com","affectedData":[{"vendor":"Google","product":"MCP Toolbox for Databases (googleapis/mcp-toolbox)","defaultStatus":"unaffected","versions":[{"version":"1.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:55:43.505312Z","id":"CVE-2026-11719","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/googleapis/mcp-toolbox/pull/3049","source":"cve-coordination@google.com"},{"url":"https://github.com/googleapis/mcp-toolbox/pull/3335","source":"cve-coordination@google.com"}]}},{"cve":{"id":"CVE-2026-11958","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-18T14:17:20.617","lastModified":"2026-06-22T19:45:16.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\\Windows\\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and executed from that location with administrative privileges, the malicious library can be loaded automatically, allowing the attacker to gain administrator privileges on the affected machine."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"ANSSI","product":"DFIR-ORC","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"10.2.7","versionType":"custom","status":"affected"},{"version":"10.3.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:28:00.801964Z","id":"CVE-2026-11958","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://github.com/DFIR-ORC/dfir-orc/releases/tag/v10.3.0","source":"cve-coordination@incibe.es"},{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/local-privilege-escalation-anssis-dfir-orc","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-12527","sourceIdentifier":"1c6b5737-9389-4011-8117-89fa251edfb2","published":"2026-06-18T14:17:21.867","lastModified":"2026-06-22T20:17:59.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1_V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-time video stream data."}],"affected":[{"source":"1c6b5737-9389-4011-8117-89fa251edfb2","affectedData":[{"vendor":"Shenzhen Liandian Communication Technology LTD","product":"V380 IP Camera / AppFHE1_V1.0.6.0","defaultStatus":"unknown","modules":["RTSP live video streaming"],"platforms":["Embedded/Linux"],"versions":[{"version":"AppFHE1_V1.0.6.020230803","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"1c6b5737-9389-4011-8117-89fa251edfb2","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:C/RE:X/U:Red","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T14:54:02.933301Z","id":"CVE-2026-12527","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"1c6b5737-9389-4011-8117-89fa251edfb2","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/AounShAh/Research-on-v380-cctv-ip-camera#broken-access-control-leading-to-critical-live-video-exposure","source":"1c6b5737-9389-4011-8117-89fa251edfb2"},{"url":"https://github.com/AounShAh/Research-on-v380-cctv-ip-camera#broken-access-control-leading-to-critical-live-video-exposure","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-40455","sourceIdentifier":"cvd@cert.pl","published":"2026-06-18T14:17:24.310","lastModified":"2026-06-22T17:49:19.053","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the \"tarifflist.php\" module due to insufficient sanitization of the POST \"tg[]\" parameter. The application directly concatenates user-supplied array values into an SQL query using \"implode()\", allowing authenticated attackers to perform Error-Based SQL injection and extract sensitive database information."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"LMS","product":"LMS","defaultStatus":"unaffected","programFiles":["modules/tarifflist.php"],"repo":"https://github.com/chilek/lms","versions":[{"version":"0","lessThan":"4cb30a7","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:30:14.559115Z","id":"CVE-2026-40455","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://cert.pl/posts/2026/06/CVE-2026-40455","source":"cvd@cert.pl"},{"url":"https://github.com/chilek/lms/commit/4cb30a70e7e3d8a0ea53afa2dbef19d5243d449b","source":"cvd@cert.pl"},{"url":"https://lms.org.pl/","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-40456","sourceIdentifier":"cvd@cert.pl","published":"2026-06-18T14:17:24.480","lastModified":"2026-06-22T17:49:19.053","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the \"exec()\" function without proper validation, allowing attackers to execute arbitrary operating system commands."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"LMS","product":"LMS","defaultStatus":"unaffected","repo":"https://github.com/chilek/lms","versions":[{"version":"0","lessThan":"9fcb4de","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:29:33.310001Z","id":"CVE-2026-40456","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://cert.pl/posts/2026/06/CVE-2026-40455","source":"cvd@cert.pl"},{"url":"https://github.com/chilek/lms/commit/9fcb4de19b7d76394898dbc124252b86b07ac0ed","source":"cvd@cert.pl"},{"url":"https://lms.org.pl/","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-40457","sourceIdentifier":"cvd@cert.pl","published":"2026-06-18T14:17:24.643","lastModified":"2026-06-22T17:49:19.053","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the \"dbrecover.php\" and \"netremap.php\" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"LMS","product":"LMS","defaultStatus":"unaffected","repo":"https://github.com/chilek/lms","versions":[{"version":"0","lessThan":"9c5651b","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:29:01.396723Z","id":"CVE-2026-40457","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://cert.pl/posts/2026/06/CVE-2026-40455","source":"cvd@cert.pl"},{"url":"https://github.com/chilek/lms/commit/9c5651b39bfd086cc34fc9a78ddaa8c0815af114","source":"cvd@cert.pl"},{"url":"https://lms.org.pl/","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-42487","sourceIdentifier":"security@xen.org","published":"2026-06-18T14:17:25.297","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HVM guest I/O port accesses are subject to either emulation or at least\ntranslation.  Translations are managed by the device model (via\nXEN_DOMCTL_ioport_mapping), and hence the linked list used may changed\nat any time.  Traversal of those lists (while handling guest I/O port\naccesses) therefore needs synchronizing with updates, which was missing\nso far."}],"affected":[{"source":"security@xen.org","affectedData":[{"vendor":"Xen","product":"Xen","defaultStatus":"unknown","versions":[{"version":"consult Xen advisory XSA-491","status":"unknown"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T14:35:06.701148Z","id":"CVE-2026-42487","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-491.html","source":"security@xen.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/09/11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-491.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-42488","sourceIdentifier":"security@xen.org","published":"2026-06-18T14:17:25.410","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Some shadow paging errors paths will switch the page-tables without\nupdating the currently running vCPU reference.  This causes a mismatch\nbetween the loaded page-tables and the mapcache metadata which can lead\nto corruption of the mapcache."}],"affected":[{"source":"security@xen.org","affectedData":[{"vendor":"Xen","product":"Xen","defaultStatus":"unknown","versions":[{"version":"consult Xen advisory XSA-494","status":"unknown"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:02:17.385668Z","id":"CVE-2026-42488","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-494.html","source":"security@xen.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/09/14","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-494.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-42489","sourceIdentifier":"security@xen.org","published":"2026-06-18T14:17:25.507","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nTo create and manage guests, domctl operations are used by the control\ndomain, a possible Xenstore domain, or by a domain controlling a\nparticular guest.  Some of these operations may not be executed in\nparallel, so a system-wide lock is used.  The way that lock is acquired\nis, however, not providing any fairness.  This is CVE-2026-42489.\n\nFurthermore, with XSM/Flask in use, the lock acquire will, for some\noperations, occur ahead of any permission checking.  This is\nCVE-2026-42490."}],"affected":[{"source":"security@xen.org","affectedData":[{"vendor":"Xen","product":"Xen","defaultStatus":"unknown","versions":[{"version":"consult Xen advisory XSA-492","status":"unknown"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:04:27.888372Z","id":"CVE-2026-42489","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-667"}]}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-492.html","source":"security@xen.org"}]}},{"cve":{"id":"CVE-2026-42490","sourceIdentifier":"security@xen.org","published":"2026-06-18T14:17:25.600","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nTo create and manage guests, domctl operations are used by the control\ndomain, a possible Xenstore domain, or by a domain controlling a\nparticular guest.  Some of these operations may not be executed in\nparallel, so a system-wide lock is used.  The way that lock is acquired\nis, however, not providing any fairness.  This is CVE-2026-42489.\n\nFurthermore, with XSM/Flask in use, the lock acquire will, for some\noperations, occur ahead of any permission checking.  This is\nCVE-2026-42490."}],"affected":[{"source":"security@xen.org","affectedData":[{"vendor":"Xen","product":"Xen","defaultStatus":"unknown","versions":[{"version":"consult Xen advisory XSA-492","status":"unknown"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:04:47.308725Z","id":"CVE-2026-42490","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-667"}]}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-492.html","source":"security@xen.org"}]}},{"cve":{"id":"CVE-2026-44942","sourceIdentifier":"meissner@suse.de","published":"2026-06-18T14:17:25.903","lastModified":"2026-06-22T18:32:57.313","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."}],"affected":[{"source":"meissner@suse.de","affectedData":[{"vendor":"SUSE","product":"libzypp","defaultStatus":"unaffected","packageName":"libzypp","modules":["repo parsing"],"repo":"https://github.com/opensuse/libzypp","versions":[{"version":"17.0.0","lessThan":"17.38.13","versionType":"semver","status":"affected"},{"version":"0","lessThan":"16.22.19","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:05:47.827082Z","id":"CVE-2026-44942","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"meissner@suse.de","type":"Primary","description":[{"lang":"en","value":"CWE-24"}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1267874","source":"meissner@suse.de"},{"url":"https://www.suse.com/security/cve/CVE-2026-44942.html","source":"meissner@suse.de"}]}},{"cve":{"id":"CVE-2026-50141","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T14:17:29.400","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged `agent_id` value into outgoing gRPC metadata. The server correctly verified the JWT token but then discarded the verified agent identity in favor of the client-supplied value. Version 3.14.1 patches the issue. As a workaround, disable org agents (`WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true`) and delete existing ones."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"woodpecker-ci","product":"woodpecker","versions":[{"version":">= 3.0.0, < 3.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:21:39.524543Z","id":"CVE-2026-50141","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/woodpecker-ci/woodpecker-security/issues/21","source":"security-advisories@github.com"},{"url":"https://github.com/woodpecker-ci/woodpecker/issues/6541","source":"security-advisories@github.com"},{"url":"https://github.com/woodpecker-ci/woodpecker/pull/6567","source":"security-advisories@github.com"},{"url":"https://github.com/woodpecker-ci/woodpecker/pull/6569","source":"security-advisories@github.com"},{"url":"https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-g7mm-9vx7-jm7h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54419","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-18T14:17:31.887","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or parameterization. Affected sinks include rooms.php (DELETE FROM Rooms WHERE ID = $_GET['ID'], unquoted numeric context), checkuser.php (WHERE Ext = '$_GET[\"Ext\"]'), ec.php (date/extension parameters in a WHERE), checkin.php and wakeup.php ($_POST values into INSERT statements), bills.php ($_POST fields built into a WHERE clause), and rates.php and checkout.php. A remote, unauthenticated attacker can inject arbitrary SQL to read, modify, or delete arbitrary records in the backing database (e.g. rooms.php?ID=1 OR 1=1 deletes all room records). Note: queries run via the legacy mysql_* extension, which does not permit stacked statements."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"claudiopizzillo","product":"PIAF-HMS","defaultStatus":"affected","collectionURL":"https://github.com/claudiopizzillo/PIAF-HMS","programFiles":["checkin.php","checkout.php","rates.php","rooms.php","bills.php","wakeup.php","checkuser.php","ec.php"],"repo":"https://github.com/claudiopizzillo/PIAF-HMS"}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T12:01:03.819166Z","id":"CVE-2026-54419","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/claudiopizzillo/PIAF-HMS","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/claudiopizzillo/PIAF-HMS/blob/389d2633441b65ced1c104212cd62be2bfca21e5/ec.php#L57","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/claudiopizzillo/PIAF-HMS/blob/389d2633441b65ced1c104212cd62be2bfca21e5/rooms.php#L16","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-8024","sourceIdentifier":"info@cert.vde.com","published":"2026-06-18T14:17:35.190","lastModified":"2026-06-22T17:47:16.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems."}],"affected":[{"source":"info@cert.vde.com","affectedData":[{"vendor":"iba","product":"ibaPDA","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"8.14.0","versionType":"semver","status":"affected"}]},{"vendor":"iba","product":"ibaDatCoordinator","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThan":"4.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T13:11:37.413154Z","id":"CVE-2026-8024","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://certvde.com/en/advisories/VDE-2026-051","source":"info@cert.vde.com"},{"url":"https://iba.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-051.json","source":"info@cert.vde.com"}]}},{"cve":{"id":"CVE-2025-27511","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T16:16:50.960","lastModified":"2026-06-24T05:17:25.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"geoserver","product":"org.geoserver.extension:gs-db2","versions":[{"version":"< 2.27.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2025-27511","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionEndExcluding":"2.27.0","matchCriteriaId":"F505198A-5FA2-430C-BD60-610BF1B1B3C3"}]}]}],"references":[{"url":"https://github.com/geoserver/geoserver/releases/tag/2.27.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://nvd.nist.gov/vuln/detail/cve-2023-27867","source":"security-advisories@github.com","tags":["Not Applicable"]},{"url":"https://osgeo-org.atlassian.net/browse/GEOT-7725","source":"security-advisories@github.com","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2025-52465","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T16:16:52.027","lastModified":"2026-06-24T05:17:25.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"geoserver","product":"org.geoserver.web:gs-web-app","versions":[{"version":"< 2.26.4","status":"affected"},{"version":">= 2.27.0, < 2.27.3","status":"affected"}]},{"vendor":"geoserver","product":"org.geoserver.web:gs-web-sec-core","versions":[{"version":"< 2.26.4","status":"affected"},{"version":">= 2.27.0, < 2.27.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2025-52465","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionEndExcluding":"2.26.4","matchCriteriaId":"003F5494-D544-4EF9-A951-96A2CBE0C458"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionStartIncluding":"2.27.0","versionEndExcluding":"2.27.3","matchCriteriaId":"3E0712B8-BE54-43DF-9CCE-3A65824138C4"}]}]}],"references":[{"url":"https://github.com/geoserver/geoserver/pull/8584","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://osgeo-org.atlassian.net/browse/GEOS-11852","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild","source":"security-advisories@github.com","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2025-58175","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T16:16:52.173","lastModified":"2026-06-22T17:08:48.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"geoserver","product":"org.geoserver.web:gs-web-app","versions":[{"version":"< 2.26.4","status":"affected"},{"version":">= 2.27.0, < 2.27.3","status":"affected"}]},{"vendor":"geoserver","product":"org.geoserver:gs-main","versions":[{"version":"< 2.26.4","status":"affected"},{"version":">= 2.27.0, < 2.27.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:25:52.864367Z","id":"CVE-2025-58175","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-611"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionEndExcluding":"2.26.4","matchCriteriaId":"003F5494-D544-4EF9-A951-96A2CBE0C458"},{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionStartIncluding":"2.27.0","versionEndExcluding":"2.27.3","matchCriteriaId":"3E0712B8-BE54-43DF-9CCE-3A65824138C4"}]}]}],"references":[{"url":"https://github.com/geoserver/geoserver/pull/8622","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://osgeo-org.atlassian.net/browse/GEOS-11867","source":"security-advisories@github.com","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-22551","sourceIdentifier":"emo@eclipse.org","published":"2026-06-18T16:16:52.960","lastModified":"2026-06-22T20:03:38.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces."}],"affected":[{"source":"emo@eclipse.org","affectedData":[{"vendor":"Eclipse Foundation","product":"Eclipse Theia","defaultStatus":"unaffected","repo":"https://github.com/eclipse-theia/theia","versions":[{"version":"0","lessThan":"1.71.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T15:25:00.091475Z","id":"CVE-2026-22551","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-201"},{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*","versionEndExcluding":"1.71.0","matchCriteriaId":"162528FA-7AE5-4808-8756-2FDF93ED0DD2"}]}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/work_items/115","source":"emo@eclipse.org","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44688","sourceIdentifier":"emo@eclipse.org","published":"2026-06-18T16:16:53.977","lastModified":"2026-06-22T19:49:13.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by the AI agent, would cause the agent to follow attacker-controlled instructions (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions."}],"affected":[{"source":"emo@eclipse.org","affectedData":[{"vendor":"Eclipse Foundation","product":"Eclipse Theia","defaultStatus":"unaffected","repo":"https://github.com/eclipse-theia/theia","versions":[{"version":"0","lessThan":"1.71.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T00:00:00+00:00","id":"CVE-2026-44688","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*","versionEndExcluding":"1.71.0","matchCriteriaId":"162528FA-7AE5-4808-8756-2FDF93ED0DD2"}]}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/work_items/113","source":"emo@eclipse.org","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-44691","sourceIdentifier":"emo@eclipse.org","published":"2026-06-18T16:16:54.097","lastModified":"2026-06-22T19:47:14.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges. In combination with AI chat features and a workspace .theia/settings.json that disabled tool confirmation, this could be triggered automatically by sending a message in the AI chat."}],"affected":[{"source":"emo@eclipse.org","affectedData":[{"vendor":"Eclipse Foundation","product":"Eclipse Theia","defaultStatus":"unaffected","repo":"https://github.com/eclipse-theia/theia","versions":[{"version":"0","lessThan":"1.69.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T00:00:00+00:00","id":"CVE-2026-44691","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*","versionEndExcluding":"1.69.0","matchCriteriaId":"45611AA9-308D-4B13-A3EE-748DEEC397BD"}]}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/work_items/116","source":"emo@eclipse.org","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46580","sourceIdentifier":"emo@eclipse.org","published":"2026-06-18T16:16:54.213","lastModified":"2026-06-22T19:45:40.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions."}],"affected":[{"source":"emo@eclipse.org","affectedData":[{"vendor":"Eclipse Foundation","product":"Eclipse Theia","defaultStatus":"unaffected","repo":"https://github.com/eclipse-theia/theia","versions":[{"version":"0","lessThan":"1.71.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T00:00:00+00:00","id":"CVE-2026-46580","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*","versionEndExcluding":"1.71.0","matchCriteriaId":"162528FA-7AE5-4808-8756-2FDF93ED0DD2"}]}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/work_items/114","source":"emo@eclipse.org","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2025-32436","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T17:16:26.797","lastModified":"2026-06-22T14:16:22.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `AddAudioToVideoBlock` will download and store the video and audio in a temporary directory without deleting before all noded are done. `StepThroughItemsBlock` can be used to iterate `MediaDurationBlock` multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `AddAudioToVideoBlock` does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputing the result. When a malicious user chooses to screen shot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Significant-Gravitas","product":"AutoGPT","versions":[{"version":"< 0.6.63","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:31:47.479922Z","id":"CVE-2025-32436","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-g26x-xwc5-7p44","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-g26x-xwc5-7p44","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-53114","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T17:16:27.150","lastModified":"2026-06-23T15:50:59.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged message queue to grow indefinitely, eventually causing an `OutOfMemoryError`. Versions 5.0.23, 6.0.19, 7.0.19, and 8.0.9 patch the issue. As a workaround, disable the acknowledgement extension."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cometd","product":"cometd","versions":[{"version":">= 5.0.0, < 5.0.23","status":"affected"},{"version":">= 6.0.0, < 6.0.19","status":"affected"},{"version":">= 7.0.0, < 7.0.19","status":"affected"},{"version":">= 8.0.0, < 8.0.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:30:58.888648Z","id":"CVE-2025-53114","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/cometd/cometd/discussions/2116","source":"security-advisories@github.com"},{"url":"https://github.com/cometd/cometd/issues/2117","source":"security-advisories@github.com"},{"url":"https://github.com/cometd/cometd/pull/2118","source":"security-advisories@github.com"},{"url":"https://github.com/cometd/cometd/pull/2168","source":"security-advisories@github.com"},{"url":"https://github.com/cometd/cometd/pull/2169","source":"security-advisories@github.com"},{"url":"https://github.com/cometd/cometd/security/advisories/GHSA-cqgj-h8vf-4w59","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-11982","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-18T17:16:28.093","lastModified":"2026-06-22T17:56:35.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Grav","product":"grav-plugin-api","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"versions":[{"version":"1.7.52","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:26:15.325554Z","id":"CVE-2026-11982","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/luis","source":"help@fluidattacks.com"},{"url":"https://github.com/getgrav/grav-plugin-api","source":"help@fluidattacks.com"},{"url":"https://github.com/getgrav/grav-plugin-api/commit/b8ca62eddb7dbea92075a78b1c0a507f03d66d4a","source":"help@fluidattacks.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-5wc5-7v9g-f7v6","source":"help@fluidattacks.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-5wc5-7v9g-f7v6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-38714","sourceIdentifier":"cve@mitre.org","published":"2026-06-18T17:16:30.107","lastModified":"2026-06-22T17:47:33.733","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:39:33.279261Z","id":"CVE-2026-38714","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir915l-fq39-s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"C475AEEC-04AB-4723-A05D-D4C0A3775FD5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir915l-fq39-s:-:*:*:*:*:*:*:*","matchCriteriaId":"C65E29A4-812C-4CAF-99BE-886F3AE4413A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir912l-fq58_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"4B253502-930B-46BF-A0DF-589B32C18ECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir912l-fq58:-:*:*:*:*:*:*:*","matchCriteriaId":"5FFDA81A-1EBA-4DC1-B6DE-1D0E2115FAAC"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/2026/06/InHand-PSA-2026-06_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38715","sourceIdentifier":"cve@mitre.org","published":"2026-06-18T17:16:30.220","lastModified":"2026-06-22T17:48:35.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:38:52.394137Z","id":"CVE-2026-38715","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir915l-fq39-s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"C475AEEC-04AB-4723-A05D-D4C0A3775FD5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir915l-fq39-s:-:*:*:*:*:*:*:*","matchCriteriaId":"C65E29A4-812C-4CAF-99BE-886F3AE4413A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir912l-fq58_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"4B253502-930B-46BF-A0DF-589B32C18ECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir912l-fq58:-:*:*:*:*:*:*:*","matchCriteriaId":"5FFDA81A-1EBA-4DC1-B6DE-1D0E2115FAAC"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/2026/06/InHand-PSA-2026-06_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38716","sourceIdentifier":"cve@mitre.org","published":"2026-06-18T17:16:30.320","lastModified":"2026-06-22T17:48:52.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:44:39.062208Z","id":"CVE-2026-38716","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir915l-fq39-s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"C475AEEC-04AB-4723-A05D-D4C0A3775FD5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir915l-fq39-s:-:*:*:*:*:*:*:*","matchCriteriaId":"C65E29A4-812C-4CAF-99BE-886F3AE4413A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir912l-fq58_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"4B253502-930B-46BF-A0DF-589B32C18ECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir912l-fq58:-:*:*:*:*:*:*:*","matchCriteriaId":"5FFDA81A-1EBA-4DC1-B6DE-1D0E2115FAAC"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/2026/06/InHand-PSA-2026-06_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38717","sourceIdentifier":"cve@mitre.org","published":"2026-06-18T17:16:30.420","lastModified":"2026-06-22T17:48:43.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:43:27.767643Z","id":"CVE-2026-38717","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir915l-fq39-s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"C475AEEC-04AB-4723-A05D-D4C0A3775FD5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir915l-fq39-s:-:*:*:*:*:*:*:*","matchCriteriaId":"C65E29A4-812C-4CAF-99BE-886F3AE4413A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir912l-fq58_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"4B253502-930B-46BF-A0DF-589B32C18ECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir912l-fq58:-:*:*:*:*:*:*:*","matchCriteriaId":"5FFDA81A-1EBA-4DC1-B6DE-1D0E2115FAAC"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/2026/06/InHand-PSA-2026-06_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38718","sourceIdentifier":"cve@mitre.org","published":"2026-06-18T17:16:30.523","lastModified":"2026-06-22T17:49:00.943","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:39:07.489240Z","id":"CVE-2026-38718","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir915l-fq39-s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"C475AEEC-04AB-4723-A05D-D4C0A3775FD5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir915l-fq39-s:-:*:*:*:*:*:*:*","matchCriteriaId":"C65E29A4-812C-4CAF-99BE-886F3AE4413A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir912l-fq58_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0.r20044","matchCriteriaId":"4B253502-930B-46BF-A0DF-589B32C18ECF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir912l-fq58:-:*:*:*:*:*:*:*","matchCriteriaId":"5FFDA81A-1EBA-4DC1-B6DE-1D0E2115FAAC"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/2026/06/InHand-PSA-2026-06_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48617","sourceIdentifier":"support@hackerone.com","published":"2026-06-18T17:16:31.460","lastModified":"2026-06-22T20:20:18.547","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N","baseScore":1.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.3,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T18:27:45.392825Z","id":"CVE-2026-48617","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"http://hackerone.com/reports/3692858","source":"support@hackerone.com"},{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-54103","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-06-18T17:16:33.387","lastModified":"2026-06-22T14:17:41.063","vulnStatus":"Awaiting Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Government Accountability Office","product":"Electronic Protest Docketing System (EPDS)","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-02-22","versionType":"custom","status":"affected"},{"version":"2026-02-22","status":"unaffected"}]},{"vendor":"Civilian Board of Contract Appeals","product":"Electronic Docketing System (EDS)","defaultStatus":"affected","versions":[{"version":"0","lessThan":"2026-03-19","versionType":"custom","status":"affected"},{"version":"2026-03-19","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-11T16:17:36.004930Z","id":"CVE-2026-54103","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-19T03:55:59.525967Z","id":"CVE-2026-54103","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://epds.gao.gov/","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-54103","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.eds.cbca.gov/login","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-54104","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-06-18T17:16:33.567","lastModified":"2026-06-22T14:17:41.693","vulnStatus":"Awaiting Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epds_role_id' parameter without verification, allowing a remote, authenticated attacker to escalate their own privileges."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Government Accountability Office","product":"Electronic Protest Docketing System (EPDS)","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-02-22","versionType":"custom","status":"affected"},{"version":"2026-02-22","status":"unaffected"}]},{"vendor":"Civilian Board of Contract Appeals","product":"Electronic Docketing System (EDS)","defaultStatus":"affected","versions":[{"version":"0","lessThan":"2026-03-19","versionType":"custom","status":"affected"},{"version":"2026-03-19","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-11T16:16:59.303813Z","id":"CVE-2026-54104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-19T03:56:02.589399Z","id":"CVE-2026-54104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-602"}]}],"references":[{"url":"https://epds.gao.gov/","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-54104","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.eds.cbca.gov/login","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-54105","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-06-18T17:16:33.710","lastModified":"2026-06-24T21:16:57.890","vulnStatus":"Awaiting Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a request containing an arbitrary 'user_id' parameter and receive a JSON response containing account-specific information, including the associated email address."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Government Accountability Office","product":"Electronic Protest Docketing System (EPDS)","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-02-22","versionType":"custom","status":"affected"},{"version":"2026-02-22","status":"unaffected"}]},{"vendor":"Civilian Board of Contract Appeals","product":"Electronic Docketing System (EDS)","defaultStatus":"affected","versions":[{"version":"0","lessThan":"2026-03-19","versionType":"custom","status":"affected"},{"version":"2026-03-19","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-11T16:16:19.191886Z","id":"CVE-2026-54105","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:53:57.662222Z","id":"CVE-2026-54105","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://epds.gao.gov/","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-54105","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.eds.cbca.gov/login","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-54106","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-06-18T17:16:33.847","lastModified":"2026-06-24T21:16:58.007","vulnStatus":"Awaiting Analysis","cveTags":[{"sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network access controls and log in."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Government Accountability Office","product":"Electronic Protest Docketing System (EPDS)","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2026-02-22","versionType":"custom","status":"affected"},{"version":"2026-02-22","status":"unaffected"}]},{"vendor":"Civilian Board of Contract Appeals","product":"Electronic Docketing System (EDS)","defaultStatus":"affected","versions":[{"version":"0","lessThan":"2026-03-19","versionType":"custom","status":"affected"},{"version":"2026-03-19","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-06-11T19:54:32.618326Z","id":"CVE-2026-54106","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:52:03.881548Z","id":"CVE-2026-54106","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-940"}]}],"references":[{"url":"https://epds.gao.gov/","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-54106","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.eds.cbca.gov/login","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-55203","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T17:16:34.373","lastModified":"2026-06-26T02:47:33.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"haproxy","product":"haproxy","defaultStatus":"unaffected","repo":"https://github.com/haproxy/haproxy","versions":[{"version":"0","lessThanOrEqual":"3.4.0","versionType":"semver","status":"affected"},{"version":"5985276735777634d8c85f1d73bb7764aab0d6dd","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:04:34.549032Z","id":"CVE-2026-55203","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.0","matchCriteriaId":"887629D9-3BD4-4D2A-A6FE-FBE640CC5986"}]}]}],"references":[{"url":"https://github.com/haproxy/haproxy/commit/5985276735777634d8c85f1d73bb7764aab0d6dd","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://www.vulncheck.com/advisories/haproxy-integer-overflow-in-fcgi-demux-record-length-field","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-55204","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T17:16:34.567","lastModified":"2026-06-26T02:39:04.123","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HAProxy through  3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"haproxy","product":"haproxy","defaultStatus":"unaffected","repo":"https://github.com/haproxy/haproxy","versions":[{"version":"0","lessThanOrEqual":"3.4.0","versionType":"semver","status":"affected"},{"version":"9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:26:27.738915Z","id":"CVE-2026-55204","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.0","matchCriteriaId":"887629D9-3BD4-4D2A-A6FE-FBE640CC5986"}]}]}],"references":[{"url":"https://github.com/haproxy/haproxy/commit/9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://www.vulncheck.com/advisories/haproxy-null-pointer-dereference-in-hpack-dht-insert-function","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-55205","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T17:16:34.767","lastModified":"2026-06-22T18:43:10.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and thread resources, potentially triggering repeated outbound device-code requests to upstream OAuth providers."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nesquena","product":"hermes-webui","defaultStatus":"unaffected","repo":"https://github.com/nesquena/hermes-webui","packageURL":"pkg:npm/hermes-webui-devtools","versions":[{"version":"0","lessThan":"0.51.468","versionType":"semver","status":"affected"},{"version":"0.51.468","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T17:36:03.154710Z","id":"CVE-2026-55205","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/nesquena/hermes-webui/commit/ce272d9cd5f8e5a4521278f56eb5388010901646","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/3970","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/4338","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.51.468","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hermes-webui-resource-exhaustion-via-unauthenticated-oauth-flow-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nesquena/hermes-webui/pull/3970","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56020","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-06-18T17:16:35.247","lastModified":"2026-06-22T17:52:22.897","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Webmin","product":"Webmin","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2.641","versionType":"custom","status":"affected"},{"version":"2.641","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-05-29T20:04:47.266910Z","id":"CVE-2026-56020","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-19T03:55:50.732526Z","id":"CVE-2026-56020","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/webmin/webmin/releases/tag/2.641","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://webmin.com/security/#webmin-prior-to-2641","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-56020","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-56021","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-06-18T17:16:35.380","lastModified":"2026-06-24T21:16:58.123","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Webmin","product":"Webmin","defaultStatus":"unknown","versions":[{"version":"*","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-05-29T20:05:32.308076Z","id":"CVE-2026-56021","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:54:17.406725Z","id":"CVE-2026-56021","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-185"},{"lang":"en","value":"CWE-777"}]}],"references":[{"url":"https://github.com/webmin/webmin/releases/tag/2.641","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://webmin.com/security/#webmin-prior-to-2641","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-56021","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-56022","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-06-18T17:16:35.530","lastModified":"2026-06-24T21:16:58.237","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in 2.641."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"Webmin","product":"Webmin","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"2.641","versionType":"custom","status":"affected"},{"version":"2.641","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-05-29T20:06:09.689996Z","id":"CVE-2026-56022","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:54:55.353387Z","id":"CVE-2026-56022","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-308"}]}],"references":[{"url":"https://github.com/webmin/webmin/releases/tag/2.641","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-169-02.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://webmin.com/security/#webmin-prior-to-2641","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-56022","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-48984","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T18:16:19.493","lastModified":"2026-06-22T17:56:35.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree() memory release helper in calls free() without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read from disk — without clearing, leaving the sensitive content in freed heap memory until it happens to be overwritten by a subsequent allocation. On a system where a use-after-free condition exists, or where a heap inspection primitive becomes available, this could allow recovery of pad values or other authentication material from freed memory regions. This is a defence-in-depth requirement consistent with prior hardening work in this codebase (GHSA-vx6f-rrqr-j87c applied explicit_bzero to some pad paths; this issue generalises the pattern to the central deallocation helper)."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mcdope","product":"pam_usb","versions":[{"version":"< 0.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T18:47:42.610995Z","id":"CVE-2026-48984","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-14"},{"lang":"en","value":"CWE-226"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/releases/tag/0.9.2","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-rmp6-wfrq-wrrc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48985","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T18:16:19.660","lastModified":"2026-06-22T17:56:35.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusb_is_loginctl_local() can cause a NULL dereference crash when parsing loginctl output. The function calls popen() and reads the result; if the Remote field is only a newline, fgets() succeeds but strtok_r(buf, \"\\n\", &saveptr) returns NULL. A subsequent strcmp(is_remote, \"no\") then dereferences NULL, causing undefined behavior (typically SIGSEGV) and crashing the PAM module. This can crash the authenticating process (e.g., sudo, login) and, depending on PAM stack configuration, deny access for all users of the affected service. This issue has been fixed in version 0.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mcdope","product":"pam_usb","versions":[{"version":"< 0.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:08:54.015120Z","id":"CVE-2026-48985","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/releases/tag/0.9.2","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-7j6h-wfc2-mg5q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48986","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T18:16:19.807","lastModified":"2026-06-22T17:56:35.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using removable media. In pam_usb 0.9.1 and earlier, usb_get_process_parent_id() can cause an infinite loop DoS because it does not initialize *ppid on failure. In pusb_local_login(), the same variable is reused as input and output in a process-tree while loop; if /proc/<pid>/stat cannot be read (for example, when an ancestor process exits during authentication), the PID is not updated and the loop does not terminate. This hangs the authenticating process (such as sudo, sshd, or login) until it is forcibly terminated. This issue has been fixed in version 0.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mcdope","product":"pam_usb","versions":[{"version":"< 0.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:34:27.319918Z","id":"CVE-2026-48986","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/releases/tag/0.9.2","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-h28h-9hc3-v595","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54390","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T18:16:19.943","lastModified":"2026-06-23T13:16:42.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"JTL Software","product":"JTL Shop","defaultStatus":"affected","versions":[{"version":"5.0.0","lessThanOrEqual":"5.1.8","versionType":"semver","status":"unaffected"},{"version":"5.2.0","lessThan":"5.4.0","versionType":"semver","status":"affected"},{"version":"5.4.0","lessThanOrEqual":"5.7.1","versionType":"semver","status":"affected"},{"version":"5.5.4","versionType":"semver","status":"unaffected"},{"version":"5.6.2","versionType":"semver","status":"unaffected"},{"version":"5.7.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:39:02.156506Z","id":"CVE-2026-54390","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://forum.jtl-software.de/threads/jtl-shop-5-7-aktuell-5-7-2.246278/","source":"disclosure@vulncheck.com"},{"url":"https://sansec.io/research/jtl-shop-ssti-rce","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/jtl-shop-server-side-template-injection-via-smarty-renderer","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-12390","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-18T19:16:22.130","lastModified":"2026-06-22T20:30:53.723","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AzeoTech","product":"DAQFactory","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"21.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T18:42:07.085552Z","id":"CVE-2026-12390","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-47833","sourceIdentifier":"security@vmware.com","published":"2026-06-18T19:16:23.253","lastModified":"2026-06-22T20:23:26.770","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownership of /etc/shadow and read every password hash on the host via the read-only /etc bind mount. This is a container-to-host confidentiality break affecting every bpm-managed job.\n\nAffected versions: bpm-release, all versions prior to v1.4.30."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Cloud Foundry Foundation","product":"bpm-release","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.4.30","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:08:03.392017Z","id":"CVE-2026-47833","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2026-47833-symlink-vulnerability-in-setupbpmlogs-allows-container-to-host-privilege-escalation-via-etc-shadow/","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-48937","sourceIdentifier":"support@hackerone.com","published":"2026-06-18T19:16:23.507","lastModified":"2026-06-22T20:20:18.547","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T18:43:55.210236Z","id":"CVE-2026-48937","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://hackerone.com/reports/3658225","source":"support@hackerone.com"},{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-55392","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T19:16:23.630","lastModified":"2026-06-23T15:16:00.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nilfs-dev","product":"nilfs-utils","defaultStatus":"unaffected","repo":"https://github.com/nilfs-dev/nilfs-utils","versions":[{"version":"0","lessThanOrEqual":"2.3.0","versionType":"semver","status":"affected"},{"version":"26efb5daff0757365101035145331b0a5a85d9d9","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T18:53:49.632075Z","id":"CVE-2026-55392","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://github.com/nilfs-dev/nilfs-utils/commit/26efb5daff0757365101035145331b0a5a85d9d9","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nilfs-dev/nilfs-utils/issues/26","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-9692","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-18T19:16:23.790","lastModified":"2026-06-22T18:45:41.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely.\n\nThe default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID.\n\nThese are predictable or low-entropy sources that are unsuitable for security purposes."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HAYAJO","product":"Mojolicious::Sessions::Storable","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Mojolicious-Plugin-SessionStore","programRoutines":[{"name":"Mojolicious::Sessions::Storable#sid_generator"}],"repo":"https://github.com/hayajo/Mojolicious-Plugin-SessionStore","versions":[{"version":"0","lessThanOrEqual":"0.05","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T18:47:24.948872Z","id":"CVE-2026-9692","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"},{"lang":"en","value":"CWE-340"}]}],"references":[{"url":"https://metacpan.org/release/HAYAJO/Mojolicious-Plugin-SessionStore-0.05/source/lib/Mojolicious/Sessions/Storable.pm#L11-15","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/docs/guides/random-data-for-security.html","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/patches/M/Mojolicious-Plugin-SessionStore/0.05/CVE-2026-9692-r1.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-40923","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-25865","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T20:16:12.923","lastModified":"2026-06-23T15:29:08.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Yandex","product":"Punto Switcher","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"4.5.0.583","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:35:23.798303Z","id":"CVE-2026-25865","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://spektion.com/articles/cve-2026-25865-punto-switcher","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/punto-switcher-unquoted-search-path-via-winexec","source":"disclosure@vulncheck.com"},{"url":"https://yandex.ru/soft/punto","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-43915","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T20:16:13.287","lastModified":"2026-06-26T02:35:52.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that executes when an authenticated web-admin user views the TURN session list. In configurations using anonymous TURN access (--no-auth), this may be exploitable without TURN credentials. In authenticated deployments, exploitation requires valid TURN credentials or control over a provisioned username. This issue has been fixed in version 4.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coturn","product":"coturn","versions":[{"version":"< 4.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T19:53:34.616522Z","id":"CVE-2026-43915","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coturn_project:coturn:*:*:*:*:*:*:*:*","versionEndExcluding":"4.11.0","matchCriteriaId":"E838C569-3F81-4CFE-8DC3-5C5973F53C60"}]}]}],"references":[{"url":"https://github.com/coturn/coturn/releases/tag/4.11.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-xxf5-9vj2-g84j","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47846","sourceIdentifier":"security@vmware.com","published":"2026-06-18T20:16:13.630","lastModified":"2026-06-22T20:23:26.770","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path.\n\nAffected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Bitnami","product":"bitnami/cassandra","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.20-photon-5-r7","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.11-photon-5-r7","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.0.8-photon-5-r4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T20:24:48.336664Z","id":"CVE-2026-47846","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/bitnami/containers/security/advisories/GHSA-8q3j-37vg-8fc2","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-47847","sourceIdentifier":"security@vmware.com","published":"2026-06-18T20:16:13.740","lastModified":"2026-06-22T20:23:26.770","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host ('%'). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default.\n\nAffected versions — Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Bitnami","product":"bitnami/mariadb-galera","defaultStatus":"unaffected","versions":[{"version":"10.6.0","lessThan":"10.6.27-photon-5-r0","versionType":"custom","status":"affected"},{"version":"10.11.0","lessThan":"10.11.17-photon-5-r1","versionType":"custom","status":"affected"},{"version":"11.4.0","lessThan":"11.4.12-photon-5-r0","versionType":"custom","status":"affected"},{"version":"11.8.0","lessThan":"11.8.7-photon-5-r1","versionType":"custom","status":"affected"},{"version":"12.3.0","lessThan":"12.3.2-photon-5-r0","versionType":"custom","status":"affected"}]},{"vendor":"Bitnami","product":"bitnami/mariadb-galera Helm chart","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"18.3.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T20:24:19.143214Z","id":"CVE-2026-47847","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/bitnami/containers/security/advisories/GHSA-xcv9-cg8m-3mf2","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-48716","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T20:16:13.850","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes them to disk using a filename derived from the sender's message via documentMessage.fileName, which is concatenated with a prefix and its raw value is passed directly to path.join(mediaDir, outFilename). Node.js path.join resolves .. components, allowing an attacker to escape the intended media/ directory by sending a document with a crafted fileName such as ../../../.ssh/authorized_keys. Because the attacker also controls the file content (the downloaded buffer), this is a write-anywhere primitive — both path and content are attacker-controlled. A fix for this issue is planned for version 0.1.5.post4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"HKUDS","product":"nanobot","versions":[{"version":"<= 0.1.5.post3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:40:56.174780Z","id":"CVE-2026-48716","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/HKUDS/nanobot/security/advisories/GHSA-3f63-vcp3-hvqr","source":"security-advisories@github.com"},{"url":"https://github.com/HKUDS/nanobot/security/advisories/GHSA-3f63-vcp3-hvqr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48980","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T20:16:14.273","lastModified":"2026-06-22T17:56:35.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2,  getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or remote, and a PAM module that runs in the context of setuid binaries (sudo, su), getenv() returns attacker-controlled values whenever the process environment has been manipulated by a local user. This issue has been fixed in version 0.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mcdope","product":"pam_usb","versions":[{"version":"< 0.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-18T20:25:21.713697Z","id":"CVE-2026-48980","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-454"},{"lang":"en","value":"CWE-807"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/releases/tag/0.9.2","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-qr83-mf3h-fvqr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48981","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T20:16:14.407","lastModified":"2026-06-22T17:56:35.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile() with flags=0 when loading the configuration file, allowing libxml2 to process external entity references (XXE), potentially making outbound network connections or local file reads at XML parse time from the context of the authenticating process. The vulnerability requires the configuration file to contain crafted XML entity references. Since pam_usb.conf is root-owned, direct exploitation requires prior write access to the config, but the defence-in-depth impact is significant given that pam_usb.so runs in setuid contexts (sudo, su). This issue has been fixed in version 0.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mcdope","product":"pam_usb","versions":[{"version":"< 0.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:19:25.463710Z","id":"CVE-2026-48981","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/releases/tag/0.9.2","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-96vv-r4wc-28c2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48982","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T20:16:14.530","lastModified":"2026-06-22T18:16:40.167","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to update the same pad may both succeed in opening the file, with the second write silently overwriting the first. The one-time pad is the core replay-prevention mechanism of pam_usb. A successful race could result in the stored pad value diverging from what either process expected, potentially causing authentication failures or, in a precisely timed attack, creating a window for pad reuse. This issue has been fixed in version 0.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mcdope","product":"pam_usb","versions":[{"version":"< 0.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:35:08.355851Z","id":"CVE-2026-48982","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/releases/tag/0.9.2","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-hxh6-9574-5vp6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48983","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T20:16:14.657","lastModified":"2026-06-22T17:56:35.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pam_usb uses a check-then-act pattern: it calls lstat() to test for existence and then calls mkdir() separately to create the directory. A local attacker can win the race between these calls by replacing the target path with a symlink to a directory they control. If successful, one-time pad files may be written to an attacker-controlled location, potentially exposing future pad values before use or disrupting authentication. This issue has been fixed in version 0.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mcdope","product":"pam_usb","versions":[{"version":"< 0.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:41:19.864255Z","id":"CVE-2026-48983","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://github.com/mcdope/pam_usb/releases/tag/0.9.2","source":"security-advisories@github.com"},{"url":"https://github.com/mcdope/pam_usb/security/advisories/GHSA-4j8q-67fq-3xc3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2025-15661","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T21:16:27.143","lastModified":"2026-06-26T02:35:13.663","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response. Attackers can supply a link_len value larger than the actual packet data in SSH_FXP_NAME responses for SFTP READLINK and REALPATH operations, triggering a heap buffer over-read of up to target_len minus one bytes due to the missing validation of available packet buffer size before the memcpy operation."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"libssh2","product":"libssh2","defaultStatus":"affected","repo":"https://github.com/libssh2/libssh2","versions":[{"version":"0","lessThanOrEqual":"1.11.1","versionType":"semver","status":"affected"},{"version":"2dae3024897e1898d389835151f4e9606227721d","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:07:05.411976Z","id":"CVE-2025-15661","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*","versionEndIncluding":"1.11.1","matchCriteriaId":"00D62356-F677-41CF-AC66-2871AD2112BA"}]}]}],"references":[{"url":"https://github.com/libssh2/libssh2/commit/2dae3024897e1898d389835151f4e9606227721d","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/libssh2/libssh2/pull/1705","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/libssh2/libssh2/pull/1717","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://www.vulncheck.com/advisories/libssh2-heap-buffer-over-read-via-sftp-symlink-in-sftp-c","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-43994","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T21:16:28.630","lastModified":"2026-06-26T02:30:37.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy() as the copy length into a 256-byte stack buffer (oauth_encrypted_block.nonce[256]) without bounds checking. The overflow occurs before AES-GCM authentication is verified, the attacker does not need to know the OAuth key or produce a valid AES-GCM token. Up to 735 bytes of attacker-controlled data are written past the buffer, may corrupt adjacent stack data, including control-flow data depending on compiler, ABI, and mitigations. Requires --oauth mode (non-default). This may provide a plausible RCE primitive depending on exploit mitigations; because coturn is widely deployed for WebRTC TURN/STUN and --oauth is commonly recommended, impact can be broad. This issue has been fixed in version 4.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coturn","product":"coturn","versions":[{"version":"< 4.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:06:24.207624Z","id":"CVE-2026-43994","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coturn_project:coturn:*:*:*:*:*:*:*:*","versionEndExcluding":"4.10.0","matchCriteriaId":"85DBA1D9-6569-4125-AA06-D066B094A1B1"}]}]}],"references":[{"url":"https://github.com/coturn/coturn/releases/tag/4.10.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-74pg-rfh2-5qw5","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-74pg-rfh2-5qw5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44663","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T21:16:28.767","lastModified":"2026-06-26T02:20:43.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted HTJ2K-compressed EXR file. decode->channels[i].width (int32_t) is multiplied by bytes_per_element in 32-bit signed arithmetic. With large widths (e.g., >= 536870912 for FLOAT data), this overflows, producing a corrupted offset that is later used for pointer arithmetic and can cause a heap out-of-bounds write. The same unchecked multiplication pattern appears in two other HTJ2K paths (bytes-per-line accumulation and pixel-line pointer advancement). As with related CVE-2026-34378 through CVE-2026-34589 fixes in other codecs, validating only after the multiplication is too late because the value may already be overflowed. This issue has been fixed in version 3.4.12."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"AcademySoftwareFoundation","product":"openexr","versions":[{"version":">= 3.4.0, < 3.4.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:47:13.159306Z","id":"CVE-2026-44663","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.12","matchCriteriaId":"CE4AA511-B965-4D8D-A4A6-384B7E6D4F85"}]}]}],"references":[{"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.12","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-777r-f9x8-7r84","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-777r-f9x8-7r84","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46699","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T21:16:29.053","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub username takeover. The root cause is the use of mutable GitHub usernames as identifiers for repository invitation routing, rather than stable, immutable GitHub user IDs. Version 3.61.0 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"conda-forge","product":"conda-smithy","versions":[{"version":"< 3.61.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:42:52.070765Z","id":"CVE-2026-46699","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/conda-forge/conda-smithy/commit/3b0bcd92ebd6f41edd341401d84583a20911c587","source":"security-advisories@github.com"},{"url":"https://github.com/conda-forge/conda-smithy/security/advisories/GHSA-g95q-3cmj-fvh8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49248","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T21:16:29.500","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim from TAR entry getLinkName() without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to arbitrary server-side locations. This is exploitable by any authenticated user with CI Job write access — no admin interaction required. This is an incomplete fix bypass of CVE-2021-21251 (GHSA-2w6j-wc8c-9mq2): that patch blocked .. path segments but did not address absolute symlink targets. This issue has been fixed in version 15.0.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"theonedev","product":"onedev","versions":[{"version":"< 15.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:40:49.188433Z","id":"CVE-2026-49248","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-61"}]}],"references":[{"url":"https://github.com/theonedev/onedev/commit/4f8684acebc4bfeefd3c7e23a34a4fd591cb27ad","source":"security-advisories@github.com"},{"url":"https://github.com/theonedev/onedev/security/advisories/GHSA-55g8-94r5-cj37","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49252","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T21:16:29.643","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5  are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any record. This issue has been fixed in version 10.0.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"deepstreamIO","product":"deepstream.io","versions":[{"version":"< 10.0.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:10:20.891417Z","id":"CVE-2026-49252","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/deepstreamIO/deepstream.io/commit/54b8e2958a98df444b5b5d9a66e22872afd84e44","source":"security-advisories@github.com"},{"url":"https://github.com/deepstreamIO/deepstream.io/security/advisories/GHSA-9v98-6g37-x9g6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49257","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T21:16:29.780","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and table-config mutation, are reachable by any network-adjacent caller. The server proxies these calls using server-side Pinot credentials, producing a confused-deputy condition that yields full read/write access to the configured Pinot cluster. This issue has been fixed in version 3.1.0"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"startreedata","product":"mcp-pinot","versions":[{"version":"< 3.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:08:14.343515Z","id":"CVE-2026-49257","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/startreedata/mcp-pinot/commit/1c7d3f9cd384854bf72c127d230bdb32299475ad","source":"security-advisories@github.com"},{"url":"https://github.com/startreedata/mcp-pinot/issues/90","source":"security-advisories@github.com"},{"url":"https://github.com/startreedata/mcp-pinot/pull/95","source":"security-advisories@github.com"},{"url":"https://github.com/startreedata/mcp-pinot/security/advisories/GHSA-73cv-556c-w3g6","source":"security-advisories@github.com"},{"url":"https://github.com/startreedata/mcp-pinot/security/advisories/GHSA-73cv-556c-w3g6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49454","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T21:16:29.920","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was incomplete as :public_key.verify over the exclusive-C14N canonicalized SignedInfo was not performed against the configured IdP certificate's public key, DigestValue was not recomputed over the canonicalized referenced element, and canonicalize/2 remained an unused passthrough in the signature-verification path. The result was a structure-only acceptance path where document shape and trust-source rejection could succeed without proving the signature bytes. A forged SignatureValue carrying an attacker-controlled NameID could be accepted as {:ok}. This issue has been fixed in version 1.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"szTheory","product":"relyra","versions":[{"version":">= 1.0.0, < 1.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:50:42.585285Z","id":"CVE-2026-49454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/szTheory/relyra/commit/2e456897af3158c175bb490ce7fc51d6241c8922","source":"security-advisories@github.com"},{"url":"https://github.com/szTheory/relyra/commit/8910200","source":"security-advisories@github.com"},{"url":"https://github.com/szTheory/relyra/security/advisories/GHSA-jv46-xfwm-36j7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-22674","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T22:16:30.117","lastModified":"2026-06-23T15:16:00.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attackers can exploit the unsanitized innerHTML assignment in the branding service to execute arbitrary JavaScript in the browser of every authenticated user on every page load."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"hashgraph","product":"guardian","defaultStatus":"affected","repo":"https://github.com/hashgraph/guardian","versions":[{"version":"0","lessThanOrEqual":"3.6.0","versionType":"semver","status":"affected"},{"version":"ba8c566807848cf84360716438056d8d8d2c8362","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:42:27.377592Z","id":"CVE-2026-22674","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/hashgraph/guardian/commit/ba8c566807848cf84360716438056d8d8d2c8362","source":"disclosure@vulncheck.com"},{"url":"https://github.com/hashgraph/guardian/pull/6190","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hashgraph-guardian-stored-xss-via-branding-companyname-field","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-32174","sourceIdentifier":"secure@microsoft.com","published":"2026-06-18T22:16:30.290","lastModified":"2026-06-24T15:19:03.857","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Azure AI Bot Service","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:25:31.047366Z","id":"CVE-2026-32174","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_ai_bot_service:-:*:*:*:*:*:*:*","matchCriteriaId":"5720F705-09CD-48BE-A6F7-EC9696104A24"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32174","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47633","sourceIdentifier":"secure@microsoft.com","published":"2026-06-18T22:16:31.613","lastModified":"2026-06-26T18:54:36.307","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Cost Management","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:03:24.530337Z","id":"CVE-2026-47633","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:cost_management:-:*:*:*:*:*:*:*","matchCriteriaId":"AB151840-A70C-4BEA-8682-D41840C67369"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47633","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47647","sourceIdentifier":"secure@microsoft.com","published":"2026-06-18T22:16:31.747","lastModified":"2026-06-25T18:57:14.017","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Dynamics 365","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-47647","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:dynamics_365:-:*:*:*:*:*:*:*","matchCriteriaId":"C15C647E-AEB0-48A2-B15C-6EFF5C91731E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47647","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49205","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T22:16:31.937","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ is an open source FAQ web application. Versions prior to  4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 addressed this in the BackupController by adding: $this->userHasPermission(PermissionType::BACKUP). The same fix was not applied to 4 other write endpoints in the public API. All 4 only call $this->hasValidToken() — which checks a shared API key header, rather than the individual user's role permissions. The following APIs are affected: POST /api/v4.0/category (CategoryController::create), POST /api/v4.0/faq (FaqController::create), PUT /api/v4.0/faq (FaqController::update), and POST /api/v4.0/question (QuestionController::create). This issue has been fixed in version 4.1.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"thorsten","product":"phpMyFAQ","versions":[{"version":"< 4.1.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:43:51.674230Z","id":"CVE-2026-49205","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/commit/d5c195b1ecf5dc30fb825d7eb50d22481c24cb07","source":"security-advisories@github.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-8c6h-7g6x-m5x4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54017","sourceIdentifier":"security-advisories@github.com","published":"2026-06-18T22:16:32.080","lastModified":"2026-06-24T19:04:33.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does not fully confine the user-controlled `path` segment before forwarding it to an admin-configured terminal server. An authenticated user who has been granted access to a terminal server can craft `path` values containing encoded `../` traversal sequences that escape the intended path (or policy) scope on that server, reaching unintended endpoints and files on the terminal-server host. Where the terminal server fans requests out to internal services, this also gives SSRF-style reach into those services. This is a separate code path from the `/api/v1/retrieval/process/web` SSRF (GHSA-c6xv-rcvw-v685), with its own input. Two distinct vectors are consolidated here: first, raw path forwarding / single-encoded traversal (original report); and second, a bypass of the subsequently-added `_sanitize_proxy_path` mitigation using double-encoded dots (`%252e%252e`). The attacker-controlled input is the request `path`, supplied by the non-admin user, not anything an administrator configures, so this is not an admin-trust / Rule-9 situation. Version 0.9.6 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:14:05.304709Z","id":"CVE-2026-54017","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-r2wg-2mcr-66rv","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-r2wg-2mcr-66rv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54130","sourceIdentifier":"secure@microsoft.com","published":"2026-06-18T22:16:32.223","lastModified":"2026-06-25T18:59:48.343","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Copilot","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-54130","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:*","matchCriteriaId":"E4A390D9-7457-430A-82CC-A24DA275BF06"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8100","sourceIdentifier":"security@progress.com","published":"2026-06-18T22:16:32.353","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Impact\n\nA security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass standard access controls gaining additional privileges, potentially allowing access to API endpoints that are intended to be restricted to higher-permissioned roles. The impact is limited to environments where the affected request patterns can be triggered and depends on specific deployment configuration and access controls in place.\nResolution\nThe issue has been addressed through product updates that improve request validation and enforce strict path normalization before authorization checks.  Customers are advised to update to the latest available version containing the fix, version 1.7.1 or later."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress Chef","product":"Chef360","defaultStatus":"unaffected","collectionURL":"https://docs.chef.io/360/1.7/","packageName":"api-gateway","modules":["NGINX"],"platforms":["Linux","x86","ARM","64 bit"],"versions":[{"version":"0","lessThan":"1.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:M/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:11:24.733974Z","id":"CVE-2026-8100","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://community.progress.com/s/article/Authentication-Bypass-via-URL-Encoded-Path-Traversal","source":"security@progress.com"}]}},{"cve":{"id":"CVE-2026-8668","sourceIdentifier":"security@progress.com","published":"2026-06-18T22:16:32.537","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues.  Queue messages contained tenant-specific identifiers.  The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method entirely."}],"affected":[{"source":"security@progress.com","affectedData":[{"vendor":"Progress Chef","product":"Chef360","defaultStatus":"unaffected","collectionURL":"https://docs.chef.io/360/1.7/","packageName":"Delivery service","modules":["queue"],"platforms":["64 bit","ARM","x86","Linux"],"versions":[{"version":"0","lessThan":"1.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@progress.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:H/SI:N/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:L/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:22:55.308614Z","id":"CVE-2026-8668","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@progress.com","type":"Secondary","description":[{"lang":"en","value":"CWE-523"}]}],"references":[{"url":"https://docs.chef.io/release_notes/360/","source":"security@progress.com"}]}},{"cve":{"id":"CVE-2026-56074","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T23:16:19.213","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell commands without user consent."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"PraisonAI","product":"PraisonAI","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.128","versionType":"semver","status":"affected"},{"version":"1.5.128","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:44:29.875373Z","id":"CVE-2026-56074","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-ffp3-3562-8cv3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-tool-approval-cache-bypass-via-coarse-grained-caching","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-ffp3-3562-8cv3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56075","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T23:16:19.357","lastModified":"2026-06-22T21:15:31.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary shell commands via subprocess.run with shell=True, bypassing the manual approval gate and insufficient command sanitization blocklists."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"PraisonAI","product":"PraisonAI","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.5.128","versionType":"semver","status":"affected"},{"version":"4.5.128","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:53:57.705797Z","id":"CVE-2026-56075","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qwgj-rrpj-75xm","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-arbitrary-shell-command-execution-via-hardcoded-approval-mode-override","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qwgj-rrpj-75xm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56076","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T23:16:19.490","lastModified":"2026-06-22T21:15:31.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"PraisonAI","product":"PraisonAI","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.128","versionType":"semver","status":"affected"},{"version":"1.5.128","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:36:05.630759Z","id":"CVE-2026-56076","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-cross-origin-agent-execution-via-hardcoded-wildcard-cors-and-missing-authentication-on-agui-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56077","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T23:16:19.623","lastModified":"2026-06-23T21:17:02.983","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"PraisonAI","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.5.115","versionType":"semver","status":"affected"},{"version":"1.5.115","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T20:44:40.922850Z","id":"CVE-2026-56077","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-766v-q9x3-g744","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-information-disclosure-via-shared-multiagentledger-state","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56078","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-18T23:16:19.760","lastModified":"2026-06-22T19:17:21.680","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of service, or code execution."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"PraisonAI","product":"PraisonAI","defaultStatus":"unaffected","packageURL":"pkg:pypi/praisonaiagents","versions":[{"version":"0","lessThan":"1.5.115","versionType":"semver","status":"affected"},{"version":"1.5.115","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:36:03.929037Z","id":"CVE-2026-56078","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-766v-q9x3-g744","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/praisonai-arbitrary-file-read-and-write-via-path-traversal-in-multiagentmonitor","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-766v-q9x3-g744","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-40624","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-19T00:16:47.693","lastModified":"2026-06-22T20:30:53.723","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ \ncameras may allow a remote, unauthenticated attacker to achieve \narbitrary code execution via a specially crafted web request."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AVer","product":"PTC500S","defaultStatus":"unaffected","versions":[{"version":"*","status":"affected"}]},{"vendor":"AVer","product":"PTC115","defaultStatus":"unaffected","versions":[{"version":"*","status":"affected"}]},{"vendor":"AVer","product":"PTC500+","defaultStatus":"unaffected","versions":[{"version":"*","status":"affected"}]},{"vendor":"AVer","product":"PTC115+","defaultStatus":"unaffected","versions":[{"version":"*","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:54:49.993670Z","id":"CVE-2026-40624","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-169-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-50034","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-19T00:16:47.980","lastModified":"2026-06-22T20:30:53.723","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker within BLE communication range can passively intercept \nwireless traffic and obtain sensitive health-related information, \nincluding glucose measurement values."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Apollo Pharmacy","product":"Blood Glucose Monitoring System (Model No. APG-01 BT)","defaultStatus":"unaffected","versions":[{"version":"0x0110_v1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:54:09.331370Z","id":"CVE-2026-50034","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-169-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.apollopharmacy.in/contact-us","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/news/understanding-bluetooth-technology","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-52866","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-19T00:16:48.123","lastModified":"2026-06-22T20:30:53.723","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker within BLE communication range can monopolize the device's \nonly available BLE connection slot, preventing legitimate users or \napplications from establishing a connection."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Apollo Pharmacy","product":"Blood Glucose Monitoring System (Model No. APG-01 BT)","defaultStatus":"unaffected","versions":[{"version":"0x0110_v1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:51:51.052831Z","id":"CVE-2026-52866","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-169-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.apollopharmacy.in/contact-us","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/news/understanding-bluetooth-technology","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-11775","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T03:16:13.780","lastModified":"2026-06-22T18:16:31.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the useradminsimplifier_options_page function. This makes it possible for unauthenticated attackers to reset and permanently delete any user's stored menu and admin-bar configuration via a forged request that triggers uas_save_admin_options() and overwrites the useradminsimplifier_options database entry via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"adamsilverstein","product":"User Admin Simplifier","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:43:49.586074Z","id":"CVE-2026-11775","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/user-admin-simplifier/tags/1.0.0/useradminsimplifier.php#L161","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-admin-simplifier/tags/1.0.0/useradminsimplifier.php#L204","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-admin-simplifier/tags/1.0.0/useradminsimplifier.php#L222","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3566637%40user-admin-simplifier&new=3566637%40user-admin-simplifier&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0920fc70-1c4b-45ff-86f6-14640286b5e6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8805","sourceIdentifier":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","published":"2026-06-19T03:16:14.850","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access."}],"affected":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","affectedData":[{"vendor":"Mitsubishi Electric Corporation","product":"Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP","defaultStatus":"unaffected","versions":[{"version":"versions 1.000 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:50:13.247647Z","id":"CVE-2026-8805","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://jvn.jp/vu/JVNVU97140216/","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-05","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"},{"url":"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-002_en.pdf","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}]}},{"cve":{"id":"CVE-2026-8806","sourceIdentifier":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","published":"2026-06-19T03:16:15.010","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop."}],"affected":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","affectedData":[{"vendor":"Mitsubishi Electric Corporation","product":"Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP","defaultStatus":"unaffected","versions":[{"version":"All versions","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:46:34.128220Z","id":"CVE-2026-8806","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-440"}]}],"references":[{"url":"https://jvn.jp/vu/JVNVU97140216/","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-06","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"},{"url":"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2026-003_en.pdf","source":"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}]}},{"cve":{"id":"CVE-2025-7737","sourceIdentifier":"hirt@hitachi.co.jp","published":"2026-06-19T06:16:58.920","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.\n\n\n\nThis issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17."}],"affected":[{"source":"hirt@hitachi.co.jp","affectedData":[{"vendor":"Hitachi","product":"Hitachi Virtual Storage Platform E990, E1090, E1090H","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]}]},{"vendor":"Hitachi","product":"Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04","versionType":"customDKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04","status":"affected","changes":[{"at":"DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]}]},{"vendor":"Hitachi","product":"Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04","status":"unaffected"}]}]},{"vendor":"Hitachi","product":"Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29","status":"unaffected"}]}]},{"vendor":"Hitachi","product":"Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07","status":"unaffected"}]},{"version":"0","lessThan":"DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07","status":"unaffected"}]}]},{"vendor":"Hitachi","product":"Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17","versionType":"custom","status":"affected","changes":[{"at":"DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"hirt@hitachi.co.jp","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:04:02.928880Z","id":"CVE-2025-7737","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"hirt@hitachi.co.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_312.html","source":"hirt@hitachi.co.jp"}]}},{"cve":{"id":"CVE-2026-10034","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:00.633","lastModified":"2026-06-22T20:16:27.267","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an arbitrary victim email address and trigger immediate SAR processing via the process_now and is_ajax parameters, receiving tokenized download links (zip_link, pdf_link) in the HTTP response that expose the victim's personal data — including WordPress account details, comment author names, email addresses, IP addresses, and comment content — without any proof of ownership. The nonce used for the CSRF check is publicly rendered by the SAR shortcode form and is shared across all anonymous visitors, meaning any unauthenticated attacker can trivially obtain a valid nonce and bypass this gate entirely."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"legalweb","product":"WP DSGVO Tools (GDPR)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.39","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:16:22.276610Z","id":"CVE-2026-10034","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/includes/class-sp-dsgvo-ajax-action.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/download-subject-access-request.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L24","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L47","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/includes/class-sp-dsgvo-ajax-action.php#L70","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/download-subject-access-request.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L24","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L40","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L47","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3574362%40shapepress-dsgvo&new=3574362%40shapepress-dsgvo&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4deb62a-1a75-4951-a0a0-297dd17276d3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10720","sourceIdentifier":"security@ubuntu.com","published":"2026-06-19T06:17:00.833","lastModified":"2026-06-22T17:46:31.980","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state."}],"affected":[{"source":"security@ubuntu.com","affectedData":[{"vendor":"Canonical","product":"Microceph","defaultStatus":"unaffected","modules":["remote-import api"],"platforms":["Linux"],"repo":"https://github.com/canonical/microceph/","versions":[{"version":"19.2.1+snap74c0060321","lessThan":"19.2.3+snapcf306793a4","versionType":"custom","status":"affected"},{"version":"20.0.0","lessThan":"20.2.0+snapbe4e67380e","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:02:02.490518Z","id":"CVE-2026-10720","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/canonical/microceph/pull/758","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-10779","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:01.027","lastModified":"2026-06-22T18:16:30.513","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the gallery_image_update_as_feature AJAX handler (action: rtcl_fb_gallery_image_update_as_feature), which accepts a user-supplied listing ID and attachment ID and sets the featured image of a listing while only validating a nonce that is exposed to any logged-in user on the frontend listing-submission form. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the featured image of arbitrary listings they do not own."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"techlabpro1","product":"Classified Listing – AI-Powered Classified ads & Business Directory","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:55:47.114787Z","id":"CVE-2026-10779","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.8/app/Controllers/Ajax/FormBuilderAjax.php#L590","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.8/app/Controllers/Ajax/FormBuilderAjax.php#L605","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.8/app/Controllers/Ajax/FormBuilderAjax.php#L617","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.4.2/app/Controllers/Ajax/FormBuilderAjax.php#L590","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.4.2/app/Controllers/Ajax/FormBuilderAjax.php#L605","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.4.2/app/Controllers/Ajax/FormBuilderAjax.php#L617","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3571741%40classified-listing&new=3571741%40classified-listing&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f7660ba-c3be-44f0-91cb-809d0021759a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11752","sourceIdentifier":"dl_cve@linecorp.com","published":"2026-06-19T06:17:01.153","lastModified":"2026-06-22T20:21:28.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local files and environment variables on the xDS client host."}],"affected":[{"source":"dl_cve@linecorp.com","affectedData":[{"vendor":"LY Corporation","product":"Armeria","defaultStatus":"unaffected","versions":[{"version":"1.38.0","lessThan":"1.40.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"dl_cve@linecorp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:57:29.287769Z","id":"CVE-2026-11752","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://github.com/line/armeria/security/advisories/GHSA-hgw6-8c77-v4gq","source":"dl_cve@linecorp.com"}]}},{"cve":{"id":"CVE-2026-11989","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:01.270","lastModified":"2026-06-23T21:16:54.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the upload_attachment. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires a form integration to be configured with a field mapped to a WooCommerce product image, product gallery, downloadable files, or Google Contacts attachment field, which is a default use case for these integrations."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"bitpressadmin","product":"Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.8.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T20:45:42.275240Z","id":"CVE-2026-11989","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.2/backend/Actions/GoogleContacts/RecordApiHelper.php#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.2/backend/Actions/GoogleContacts/RecordApiHelper.php#L168","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.2/backend/Actions/WooCommerce/RecordApiHelper.php#L584","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.2/backend/Actions/WooCommerce/RecordApiHelper.php#L631","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.7/backend/Actions/GoogleContacts/RecordApiHelper.php#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.7/backend/Actions/GoogleContacts/RecordApiHelper.php#L168","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.7/backend/Actions/WooCommerce/RecordApiHelper.php#L584","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bit-integrations/tags/2.8.7/backend/Actions/WooCommerce/RecordApiHelper.php#L631","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3571608%40bit-integrations&new=3571608%40bit-integrations&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bdf8d5c2-dbb1-47d5-b858-da6f6e1989f4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12157","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:01.397","lastModified":"2026-06-22T16:43:14.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevteam","product":"BetterDocs –  AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:51:49.932223Z","id":"CVE-2026-12157","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.12/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.12/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L97","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.5.3/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.5.3/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L97","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3576713%40betterdocs&new=3576713%40betterdocs&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/81f61ef0-b3c7-4c69-bd18-5e5f0ea09abc?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12430","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:01.513","lastModified":"2026-06-22T16:43:14.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"creativethemeshq","product":"Blocksy Companion","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.1.45","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:56:00.197925Z","id":"CVE-2026-12430","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/blocksy-companion/tags/2.1.41/framework/extensions/product-reviews/extension.php#L709","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blocksy-companion/tags/2.1.41/framework/extensions/product-reviews/views/single-top.php#L206","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blocksy-companion/tags/2.1.41/framework/extensions/product-reviews/views/single-top.php#L232","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blocksy-companion/tags/2.1.45/framework/extensions/product-reviews/extension.php#L709","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blocksy-companion/tags/2.1.45/framework/extensions/product-reviews/views/single-top.php#L206","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blocksy-companion/tags/2.1.45/framework/extensions/product-reviews/views/single-top.php#L232","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3576066%40blocksy-companion&new=3576066%40blocksy-companion&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fac4ae61-cfc6-4efc-9f57-58fa39e00f07?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12644","sourceIdentifier":"report@snyk.io","published":"2026-06-19T06:17:01.640","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken — any string context operation throws a TypeError, crashing the application."}],"affected":[{"source":"report@snyk.io","affectedData":[{"vendor":"n/a","product":"ts-deepmerge","versions":[{"version":"0","lessThan":"8.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:02:41.594623Z","id":"CVE-2026-12644","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://gist.github.com/igorg1312/775fa00114c4d47df6ae0551779ab407","source":"report@snyk.io"},{"url":"https://github.com/voodoocreation/ts-deepmerge/commit/305a05831a462fb2c353d3cbbff55a0733286f8c","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-JS-TSDEEPMERGE-17339141","source":"report@snyk.io"},{"url":"https://gist.github.com/igorg1312/775fa00114c4d47df6ae0551779ab407","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-1856","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:01.807","lastModified":"2026-06-22T19:16:50.793","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"creavi","product":"Creavi Appointment Booking Calendar","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:25:12.290933Z","id":"CVE-2026-1856","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/creavi-booking-service/tags/1.1.0/assets/js/booking.js#L379","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/creavi-booking-service/trunk/assets/js/booking.js#L379","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3564451/creavi-booking-service","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2618ccde-2bb0-4cd4-b415-68a671507709?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-4328","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:09.403","lastModified":"2026-06-22T18:16:42.003","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wp_remote_get() to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in the demo_download_and_unzip() function. The 'demo_file' parameter from $_POST is passed through sanitize_text_field() (which only handles XSS-related sanitization) and then directly into wp_remote_get() when 'demo_file_type' is set to 'url'. Notably, the plugin uses wp_safe_remote_get() in other locations (theme template libraries) which would provide SSRF protection, but fails to use it in this critical AJAX handler. This makes it possible for authenticated attackers, with Author-level access and above (upload_files capability), to make web requests to arbitrary locations originating from the web application, which can be used to query and view data from internal services, including cloud instance metadata endpoints."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"addonspress","product":"Advanced Import","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:56:14.850452Z","id":"CVE-2026-4328","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/advanced-import/tags/1.4.5/admin/class-advanced-import-admin.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-import/tags/1.4.5/admin/class-advanced-import-admin.php#L612","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-import/trunk/admin/class-advanced-import-admin.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-import/trunk/admin/class-advanced-import-admin.php#L612","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3566433%40advanced-import&new=3566433%40advanced-import&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/baf55ce7-8a33-426c-a6a4-158a95a13a5c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-54414","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-06-19T06:17:09.830","lastModified":"2026-06-22T20:17:59.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php), leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename() and REGEX_FILE_NAME, which permit URL-encoded sequences (the regex blocks / and \\ but not %). The raw filename is then passed to UploadModel::handleUpload, where it is reconstructed as trim(urldecode(basename($fileName))), re-introducing path separators after validation (e.g. ..%2fusers%2fusers.txt becomes ../users/users.txt). UploadNamePolicy::isAllowedForWrite() applies basename() internally and therefore only evaluates the final component (users.txt), allowing the traversal sequence to pass the extension policy. The destination path is then used directly in move_uploaded_file() with no realpath containment check, allowing a write outside the intended upload directory. An attacker who possesses a valid, non-expired, upload-enabled shared-folder link/token (which are designed to be shared publicly) can overwrite users/users.txt to create an administrator account, resulting in unauthenticated admin takeover and, depending on configuration, remote code execution. Exploitation requires possession of a valid, non-expired, upload-enabled shared-folder link/token. This issue is fixed in 3.16.0, which URL-decodes before validation and rejects any path separators in the upload filename."}],"affected":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","affectedData":[{"vendor":"error311","product":"FileRise","defaultStatus":"unaffected","collectionURL":"https://github.com/error311/FileRise","programFiles":["src/FileRise/Domain/UploadModel.php","src/FileRise/Support/UploadNamePolicy.php","src/FileRise/Http/Controllers/FolderController.php"],"repo":"https://github.com/error311/FileRise","versions":[{"version":"0","lessThan":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:04:58.077602Z","id":"CVE-2026-54414","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/error311/FileRise","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/error311/FileRise/blob/v3.15.0/src/FileRise/Domain/UploadModel.php#L1023","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"},{"url":"https://github.com/error311/FileRise/releases/tag/v3.16.0","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c"}]}},{"cve":{"id":"CVE-2026-56131","sourceIdentifier":"cve@mitre.org","published":"2026-06-19T06:17:10.107","lastModified":"2026-06-23T20:15:48.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation)."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:58:05.598510Z","id":"CVE-2026-56131","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1267","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56132","sourceIdentifier":"cve@mitre.org","published":"2026-06-19T06:17:10.253","lastModified":"2026-06-23T20:15:26.230","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:59:42.500548Z","id":"CVE-2026-56132","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-821"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1272","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-7515","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:10.430","lastModified":"2026-06-22T20:16:31.640","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"betterdocs","product":"BetterDocs Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.8.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:19:03.690065Z","id":"CVE-2026-7515","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://betterdocs.co/","source":"security@wordfence.com"},{"url":"https://betterdocs.co/changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/694b67d2-7d60-4764-a2c0-02698c331772?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7547","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:10.550","lastModified":"2026-06-23T21:17:03.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the render_logs_ui() function, which accepts a base64-encoded file name from the 'log_file' GET parameter and concatenates it directly with the plugin's log directory path without validating that the resolved path remains within the intended directory. This makes it possible for authenticated attackers, with Administrator-level access, to read the contents of arbitrary files on the server, including wp-config."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"teamwsa","product":"Woosa – Marktplaats for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T20:45:06.751446Z","id":"CVE-2026-7547","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/integration-marktplaats-for-woocommerce/tags/2.0.4/vendor/woosa/logger/class-module-logger-hook-settings.php#L177","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/integration-marktplaats-for-woocommerce/tags/2.0.4/vendor/woosa/logger/class-module-logger-hook-settings.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/integration-marktplaats-for-woocommerce/tags/2.0.5/vendor/woosa/logger/class-module-logger-hook-settings.php#L177","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/integration-marktplaats-for-woocommerce/tags/2.0.5/vendor/woosa/logger/class-module-logger-hook-settings.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/integration-marktplaats-for-woocommerce/trunk/vendor/woosa/logger/class-module-logger-hook-settings.php#L177","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/integration-marktplaats-for-woocommerce/trunk/vendor/woosa/logger/class-module-logger-hook-settings.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3576889%40integration-marktplaats-for-woocommerce&new=3576889%40integration-marktplaats-for-woocommerce&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3e765e05-9be1-40fa-97f2-a6e57728cb85?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8118","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:10.687","lastModified":"2026-06-22T16:43:14.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wpr_get_csv_handle() helper (introduced in version 1.7.1058 as part of the patch for CVE-2026-6229) falling back to is_readable() and fopen($source, 'r') on the attacker-controlled settings.table_upload_csv.url value when it does not parse as an HTTP URL, with no allow-list, traversal block, or extension check. This makes it possible for authenticated attackers, with Contributor-level access and above, to save a crafted wpr-data-table widget through Elementor's save_builder endpoint and have the rendered preview return the line-by-line contents of any file readable by the PHP process, including wp-config.php."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wproyal","product":"Royal Addons for Elementor – Addons and Templates Kit for Elementor","defaultStatus":"unaffected","versions":[{"version":"1.7.1058","lessThanOrEqual":"1.7.1059","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:52:44.707388Z","id":"CVE-2026-8118","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3532747/royal-elementor-addons","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7ce047b-3cd3-475b-9a9f-38d15174e7e5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8713","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:10.917","lastModified":"2026-06-22T16:43:14.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybe_delete_files function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The attack requires a published Avada form configured to save entries to the database; an unauthenticated attacker submits a path-traversal payload via the wp_ajax_nopriv_fusion_form_submit_ajax handler while also controlling the fusion_privacy_expiration_interval and privacy_expiration_action fields to force an immediate 'delete' cleanup, causing the planted entry to be automatically processed by the Fusion_Form_DB_Privacy shutdown-hook routine without any administrator interaction."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themefusion","product":"Avada (Fusion) Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.15.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:56:49.907926Z","id":"CVE-2026-8713","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/fusion-builder/trunk/inc/class-fusion-form-db-entries.php#L79","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e4bfb72e-023b-4bfd-b125-91f6ac2f200f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9013","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T06:17:11.033","lastModified":"2026-06-22T18:16:51.907","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_post_translation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt, and password of any private, draft, or password-protected post by triggering its duplication via the translation endpoint and reading the returned title.raw, content.raw, and excerpt.raw fields of the duplicated post. This vulnerability is exploitable against posts written in a non-default locale, as authenticated subscribers can request a translation into the site's default locale to pass the locale-only permission gate. While subscribers can trigger the endpoint, this is only impactful at the Contributor-level as they can actually read the duplicated content."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rocklobsterinc","product":"Bogo","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:44:05.303675Z","id":"CVE-2026-9013","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/rocklobster-in/bogo/pull/382/changes","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bogo/tags/3.9.1/includes/post.php#L293","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bogo/tags/3.9.1/includes/rest-api.php#L202","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bogo/tags/3.9.1/includes/rest-api.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bogo/trunk/includes/post.php#L293","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bogo/trunk/includes/rest-api.php#L202","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bogo/trunk/includes/rest-api.php#L31","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3574263%40bogo&new=3574263%40bogo&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b04ba117-da4b-445e-99c2-69a5e4f34a65?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9822","sourceIdentifier":"contact@wpscan.com","published":"2026-06-19T06:17:11.153","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users with Subscriber-level access to read other users' booking line items, enumerate active coupons, and read pricing data."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"WP Hotel Booking","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:15:27.197348Z","id":"CVE-2026-9822","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/107fe41a-c5d9-4547-b413-bbd77cbab986/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-3640","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T08:16:16.707","lastModified":"2026-06-22T18:16:36.217","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/strabl/webhook/order with a permission_callback of __return_true, which allows all incoming requests without any authentication or authorization checks. No shared secret, signature validation, HMAC verification, or token-based authentication is implemented. This makes it possible for unauthenticated attackers to create fraudulent WooCommerce orders and mark them as completed by supplying paymentStatus=paid, manipulate existing order statuses by providing an externalOrderId, create new WordPress user accounts with the customer role, issue refunds on existing orders, cancel existing orders, and apply chargeback fees — all without making a legitimate payment or having any valid credentials."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"strablengineering","product":"STRABL – A checkout solution","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:59:15.746377Z","id":"CVE-2026-3640","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/tags/4.5/src/Orders/CustomerRepository.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/tags/4.5/src/Orders/OrderWebhookController.php#L199","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/tags/4.5/src/Orders/OrderWebhookController.php#L550","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/tags/4.5/src/Orders/OrderWebhookController.php#L60","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/tags/4.5/src/Orders/OrderWebhookController.php#L64","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/tags/4.5/src/Orders/OrderWebhookController.php#L88","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/trunk/src/Orders/CustomerRepository.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/trunk/src/Orders/OrderWebhookController.php#L199","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/trunk/src/Orders/OrderWebhookController.php#L550","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/trunk/src/Orders/OrderWebhookController.php#L60","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/trunk/src/Orders/OrderWebhookController.php#L64","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/strabl-a-checkout-solution/trunk/src/Orders/OrderWebhookController.php#L88","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3558301","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/04eb82e4-1738-44c7-980e-8e33a7a3a23a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-46461","sourceIdentifier":"security_alert@emc.com","published":"2026-06-19T08:16:16.840","lastModified":"2026-06-26T21:49:18.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Server Hardware Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.2.2 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-46461","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:server_hardware_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.2","matchCriteriaId":"56C59334-09A3-4468-AD00-BF68083A71C0"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000478484/dsa-2026-243-security-update-for-dell-server-hardware-manager-vulnerability","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6798","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T08:16:16.960","lastModified":"2026-06-22T20:16:30.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to view arbitrary customers' subscription data including subscription status, product names, order IDs, purchase dates, and expiry dates."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"2download","product":"2Download Connector for 2DL Hosted Checkout","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.1.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:21:07.620865Z","id":"CVE-2026-6798","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/2download-connector/tags/0.1.5/src/Shortcodes/Shortcodes.php#L1278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2download-connector/tags/0.1.5/src/Shortcodes/Shortcodes.php#L1767","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2download-connector/tags/0.1.5/src/Shortcodes/Shortcodes.php#L1776","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2download-connector/trunk/src/Shortcodes/Shortcodes.php#L1278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2download-connector/trunk/src/Shortcodes/Shortcodes.php#L1767","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2download-connector/trunk/src/Shortcodes/Shortcodes.php#L1776","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3524785%402download-connector&new=3524785%402download-connector&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/46a36f2b-c352-4d76-b4c4-8a73ec5dd910?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-34192","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-06-19T10:16:11.203","lastModified":"2026-06-22T20:40:34.690","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables.\n\n\n\nThe vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not cleanup properly before freeing the physical allocation."}],"affected":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","affectedData":[{"vendor":"Imagination Technologies","product":"Graphics DDK","defaultStatus":"unknown","platforms":["Linux","Android"],"versions":[{"version":"1.18 RTM","versionType":"custom","status":"affected"},{"version":"23.2 RTM","versionType":"custom","status":"affected"},{"version":"24.2 RTM","versionType":"custom","status":"affected"},{"version":"25.1 RTM","lessThanOrEqual":"25.3 RTM","versionType":"custom","status":"affected"},{"version":"26.1 RTM","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:21:48.311801Z","id":"CVE-2026-34192","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-41156","sourceIdentifier":"367425dc-4d06-4041-9650-c2dc6aaa27ce","published":"2026-06-19T10:16:11.317","lastModified":"2026-06-22T20:40:34.690","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario.\n\n\n\nA shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it."}],"affected":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","affectedData":[{"vendor":"Imagination Technologies","product":"Graphics DDK","defaultStatus":"unknown","platforms":["Linux","Android"],"versions":[{"version":"1.18 RTM","versionType":"custom","status":"affected"},{"version":"23.2 RTM","versionType":"custom","status":"affected"},{"version":"24.2 RTM","versionType":"custom","status":"affected"},{"version":"25.1 RTM","lessThanOrEqual":"25.3 RTM","versionType":"custom","status":"affected"},{"version":"26.1 RTM","versionType":"custom","status":"affected"},{"version":"26.2 RTM","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:23:16.520515Z","id":"CVE-2026-41156","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"367425dc-4d06-4041-9650-c2dc6aaa27ce","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","source":"367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}},{"cve":{"id":"CVE-2026-56138","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-19T10:16:11.420","lastModified":"2026-06-22T17:51:10.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed as valid AIL objects.\n\nAn authenticated AIL user could craft malicious item identifiers containing path traversal sequences to cause the application to read gzip-compressed files accessible to the AIL process. This could result in unauthorized disclosure of local file contents, limited to files readable by the application and compatible with the expected gzip-compressed item format.\n\nThe issue was fixed by validating that both requested items exist before their contents are accessed."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"ail-project","product":"ail-framework","defaultStatus":"unaffected","repo":"https://github.com/ail-project/ail-framework","versions":[{"version":"0","lessThan":"6.8.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:01:26.059043Z","id":"CVE-2026-56138","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/ail-project/ail-framework/commit/074f9a432702d39d7f8db07ece3a11502cf36d73","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-8296","sourceIdentifier":"security@octopus.com","published":"2026-06-19T10:16:11.577","lastModified":"2026-06-22T20:44:48.597","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts."}],"affected":[{"source":"security@octopus.com","affectedData":[{"vendor":"Octopus Deploy","product":"Octopus Server","defaultStatus":"unaffected","platforms":["Windows","Linux"],"versions":[{"version":"2023.0.0","lessThan":"2025.4.10678","versionType":"custom","status":"affected"},{"version":"2026.1.0","lessThan":"2026.1.11451","versionType":"custom","status":"affected"},{"version":"2026.2.0","lessThan":"2026.2.13114","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@octopus.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:10:19.347472Z","id":"CVE-2026-8296","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://advisories.octopus.com/post/2026/sa2026-05","source":"security@octopus.com"}]}},{"cve":{"id":"CVE-2026-11941","sourceIdentifier":"cna@cloudflare.com","published":"2026-06-19T12:16:26.137","lastModified":"2026-06-22T17:51:46.663","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions.\n\n\n\nThe “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned “ConnectionId” would be dropped at the end of those functions' scope.\n\n\n\nOnly applications using those FFI functions are affected. The FFI API is disabled by default by a build-time feature flag.\n\n\n\nImpact\nIf unpatched, an application calling the affected FFI functions will dereference freed memory. The most likely outcome is undefined behavior leading to a process crash (denial of service). Depending on allocator state, the read may also return adjacent heap contents, resulting in limited information disclosure or incorrect connection identifier handling.\n\n\n\nMitigation\nUsers are requested to upgrade to quiche 0.29.2 which is the earliest version containing the fix for this issue."}],"affected":[{"source":"cna@cloudflare.com","affectedData":[{"vendor":"Cloudflare","product":"Quiche","defaultStatus":"unaffected","repo":"https://github.com/cloudflare/quiche","versions":[{"version":"0.20.0","lessThanOrEqual":"0.29.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cna@cloudflare.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:09:49.880714Z","id":"CVE-2026-11941","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@cloudflare.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://github.com/cloudflare/quiche/security/advisories/GHSA-mh64-ph39-mrc9","source":"cna@cloudflare.com"}]}},{"cve":{"id":"CVE-2026-12706","sourceIdentifier":"secalert@redhat.com","published":"2026-06-19T12:16:27.100","lastModified":"2026-06-22T20:16:28.617","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream. When a user opens or plays the file, the decoder reads from freed heap memory, which could lead to a denial of service (crash)."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ffmpeg","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nv-codec-headers","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-aws-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-azure-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-azure-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gcp-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-openvino-model-server-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-vllm-gaudi-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:27:58.329322Z","id":"CVE-2026-12706","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12706","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490710","source":"secalert@redhat.com"},{"url":"https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/TTRIJZA7UL6KJTEDMMBGZPLLJERJ3EFX/","source":"secalert@redhat.com"},{"url":"https://patchwork.ffmpeg.org/project/ffmpeg/patch/177766314111.63.10674887811034989327@29965ddac10e/","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-44939","sourceIdentifier":"meissner@suse.de","published":"2026-06-19T13:16:30.583","lastModified":"2026-06-24T05:17:28.473","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint  /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."}],"affected":[{"source":"meissner@suse.de","affectedData":[{"vendor":"SUSE","product":"Rancher","defaultStatus":"unaffected","packageName":"Rancher","repo":"https://github.com/rancher/rancher/","versions":[{"version":"2.14.0","lessThan":"2.14.2","versionType":"semver","status":"affected"},{"version":"2.13.0","lessThan":"2.13.6","versionType":"semver","status":"affected"},{"version":"2.12.0","lessThan":"2.12.10","versionType":"semver","status":"affected"},{"version":"2.11.0","lessThan":"2.11.14","versionType":"semver","status":"affected"},{"version":"2.10.0","lessThan":"2.10.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-44939","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"meissner@suse.de","type":"Secondary","description":[{"lang":"en","value":"CWE-95"}]}],"references":[{"url":"https://github.com/rancher/rancher/security/advisories/GHSA-mhc6-2gfq-xx62","source":"meissner@suse.de"}]}},{"cve":{"id":"CVE-2026-50242","sourceIdentifier":"cve@jetbrains.com","published":"2026-06-19T13:16:36.987","lastModified":"2026-06-26T13:20:46.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 authentication bypass via direct database access leading to administrative access was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"Hub","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-50242","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.2.33606","versionEndExcluding":"2024.2.148429","matchCriteriaId":"E650ABBD-BA65-4A52-9B0A-D021144E3487"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.3.44799","versionEndExcluding":"2024.3.148430","matchCriteriaId":"8F635C83-F8CD-485D-B015-E542206E0C9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.62455","versionEndExcluding":"2025.1.148120","matchCriteriaId":"62D0CA3A-2435-4FE1-8F6F-7765D851241D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.2.86069","versionEndExcluding":"2025.2.148048","matchCriteriaId":"E721FAAF-A437-4B05-835E-B210ABBEE292"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.3.104432","versionEndExcluding":"2025.3.148033","matchCriteriaId":"A4CB4EA8-DA02-41F1-B613-B4FEB8868A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.12024","versionEndExcluding":"2026.1.13757","matchCriteriaId":"FAB86407-3586-4DA5-8613-98C2BBCDDE57"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53915","sourceIdentifier":"cve@jetbrains.com","published":"2026-06-19T13:16:37.100","lastModified":"2026-06-26T13:19:24.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"GoLand","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T03:55:33.255688Z","id":"CVE-2026-53915","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:goland:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.1.3","matchCriteriaId":"3F03E89A-F5F2-40A9-87B2-7D6CA26F186B"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56141","sourceIdentifier":"cve@jetbrains.com","published":"2026-06-19T13:16:37.203","lastModified":"2026-06-26T13:10:35.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 account takeover via predictable restore codes was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"Hub","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-56141","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.2.33606","versionEndExcluding":"2024.2.148429","matchCriteriaId":"E650ABBD-BA65-4A52-9B0A-D021144E3487"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.3.44799","versionEndExcluding":"2024.3.148430","matchCriteriaId":"8F635C83-F8CD-485D-B015-E542206E0C9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.62455","versionEndExcluding":"2025.1.148120","matchCriteriaId":"62D0CA3A-2435-4FE1-8F6F-7765D851241D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.2.86069","versionEndExcluding":"2025.2.148048","matchCriteriaId":"E721FAAF-A437-4B05-835E-B210ABBEE292"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.3.104432","versionEndExcluding":"2025.3.148033","matchCriteriaId":"A4CB4EA8-DA02-41F1-B613-B4FEB8868A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.12024","versionEndExcluding":"2026.1.13757","matchCriteriaId":"FAB86407-3586-4DA5-8613-98C2BBCDDE57"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56142","sourceIdentifier":"cve@jetbrains.com","published":"2026-06-19T13:16:37.313","lastModified":"2026-06-26T13:06:12.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 privilege escalation by attaching authentication details to accounts was possible"}],"affected":[{"source":"cve@jetbrains.com","affectedData":[{"vendor":"JetBrains","product":"Hub","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@jetbrains.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-56142","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@jetbrains.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.2.33606","versionEndExcluding":"2024.2.148429","matchCriteriaId":"E650ABBD-BA65-4A52-9B0A-D021144E3487"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2024.3.44799","versionEndExcluding":"2024.3.148430","matchCriteriaId":"8F635C83-F8CD-485D-B015-E542206E0C9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.62455","versionEndExcluding":"2025.1.148120","matchCriteriaId":"62D0CA3A-2435-4FE1-8F6F-7765D851241D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.2.86069","versionEndExcluding":"2025.2.148048","matchCriteriaId":"E721FAAF-A437-4B05-835E-B210ABBEE292"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.3.104432","versionEndExcluding":"2025.3.148033","matchCriteriaId":"A4CB4EA8-DA02-41F1-B613-B4FEB8868A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*","versionStartIncluding":"2026.1.12024","versionEndExcluding":"2026.1.13757","matchCriteriaId":"FAB86407-3586-4DA5-8613-98C2BBCDDE57"}]}]}],"references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","source":"cve@jetbrains.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12104","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-06-19T14:16:21.687","lastModified":"2026-06-22T20:16:28.497","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts."}],"affected":[{"source":"vulnerability@ncsc.ch","affectedData":[{"vendor":"SIMA GmbH","product":"Bondix Server","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"0","lessThanOrEqual":"1.25.7.5","versionType":"custom","status":"affected"},{"version":"1.25.7.6","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:31:34.326799Z","id":"CVE-2026-12104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://wiki.bondix.dev/wiki/Downloads#Release_Notes","source":"vulnerability@ncsc.ch"},{"url":"https://wiki.bondix.dev/wiki/Security_Advisories#CVE-2026-12104_%E2%80%94_Authenticated_OS_Command_Injection_in_Bondix","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2026-39998","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:21.823","lastModified":"2026-06-23T14:57:13.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache APISIX.\n\nThe attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers.\nThis issue affects Apache APISIX: from 2.12.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"2.12.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:16:18.557213Z","id":"CVE-2026-39998","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"2.12.0","versionEndExcluding":"3.17.0","matchCriteriaId":"5594B6F8-4C43-4244-92CC-04C8BA3A9FA1"}]}]}],"references":[{"url":"https://lists.apache.org/thread/vgkvy396010d7g6m0jrn4d3hjf2svlvv","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-39999","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:21.950","lastModified":"2026-06-23T15:08:22.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass by Spoofing vulnerability in Apache APISIX.\n\nThe attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.\nThis issue affects Apache APISIX: from v2.2 through v3.16.0.\n\nUsers are recommended to upgrade to version v3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"2.2","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:17:18.663952Z","id":"CVE-2026-39999","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2","versionEndExcluding":"3.17.0","matchCriteriaId":"C78ABD44-D9ED-4162-A17A-EF6BD0477681"}]}]}],"references":[{"url":"https://lists.apache.org/thread/nfopt8cnxd3k0rs1oxtr7lzxrdw4mojq","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44046","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:22.070","lastModified":"2026-06-23T15:10:22.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use of Less Trusted Source vulnerability in Apache APISIX.\n\nAttacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules.\nThis issue affects Apache APISIX: from 1.2.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"1.2.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:17:53.049120Z","id":"CVE-2026-44046","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-348"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2","versionEndExcluding":"3.17.0","matchCriteriaId":"2C6B48BB-A460-4337-916C-D302D2A4C257"}]}]}],"references":[{"url":"https://lists.apache.org/thread/xkshmps51b24yw0qckl5h5ddyv0x6qf9","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44087","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:22.200","lastModified":"2026-06-23T15:11:13.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient Verification of Data Authenticity vulnerability in Apache APISIX.\n\nThe openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized access the protected resources.\nThis issue affects Apache APISIX: from 2.3 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"2.3","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:18:49.491230Z","id":"CVE-2026-44087","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3","versionEndExcluding":"3.17.0","matchCriteriaId":"C48DDD8C-CE59-4634-B9B2-78CC05D7B1CB"}]}]}],"references":[{"url":"https://lists.apache.org/thread/72ryrgdssk6s2x9d6xn14bxyyl878xfm","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44915","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:22.323","lastModified":"2026-06-23T15:11:29.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.\n\nThe default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft.\n\nThis issue affects Apache APISIX: from 3.0.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"3.0.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:16:49.161991Z","id":"CVE-2026-44915","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.17.0","matchCriteriaId":"46461E65-7CF7-491D-A104-C4A6A08C4527"}]}]}],"references":[{"url":"https://lists.apache.org/thread/2syk2kkzjnpzrdh98plbzj8os7wn521c","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47339","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:22.443","lastModified":"2026-06-23T15:11:58.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect Authorization vulnerability in Apache APISIX.\n\nAn attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source.\nThis issue affects Apache APISIX: from 2.14.1 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"2.14.1","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:18:19.243261Z","id":"CVE-2026-47339","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"2.14.1","versionEndExcluding":"3.17.0","matchCriteriaId":"0319B10F-D478-4761-8968-8F7AAEC6BD9D"}]}]}],"references":[{"url":"https://lists.apache.org/thread/lk4q5o855cocc7zq5wh1zlctfmcq6f76","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47341","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:22.560","lastModified":"2026-06-23T15:16:35.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass by Capture-replay vulnerability in Apache APISIX.\n\nAttacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry.\nThis issue affects Apache APISIX: from 3.11.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"3.11.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:20:56.729924Z","id":"CVE-2026-47341","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11.0","versionEndExcluding":"3.17.0","matchCriteriaId":"1B577B06-C51C-4938-A2A6-4350070C7A17"}]}]}],"references":[{"url":"https://lists.apache.org/thread/ob6ng9x2hxtyfojs839hs1n0v18xxzf2","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48137","sourceIdentifier":"security@ni.com","published":"2026-06-19T14:16:22.680","lastModified":"2026-06-25T14:43:05.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution.  Successful exploitation requires an attacker  to supply a specially crafted Moniker protobuf message.  This affects NI grpc-device 2.17.0 and prior versions."}],"affected":[{"source":"security@ni.com","affectedData":[{"vendor":"NI","product":"grpc-device","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.17.0","versionType":"semver","status":"affected"}]},{"vendor":"NI","product":"InstrumentStudio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:14:49.401117Z","id":"CVE-2026-48137","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ni.com","type":"Secondary","description":[{"lang":"en","value":"CWE-822"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"87FF2C16-85F8-4F69-BF2D-0FB5D7049C6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*","matchCriteriaId":"E403ACA4-50C9-49CC-9E8A-108929808AB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*","matchCriteriaId":"FE21F1C5-405D-4980-9248-50C2D71A91D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"D293F76D-29A0-49D7-A538-456A7B209E0A"}]}]}],"references":[{"url":"https://github.com/ni/grpc-device/security/advisories/GHSA-ww59-ghm9-mm63","source":"security@ni.com","tags":["Vendor Advisory"]},{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html","source":"security@ni.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48138","sourceIdentifier":"security@ni.com","published":"2026-06-19T14:16:22.817","lastModified":"2026-06-25T14:42:30.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions."}],"affected":[{"source":"security@ni.com","affectedData":[{"vendor":"NI","product":"grpc-device","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.17.0","versionType":"semver","status":"affected"}]},{"vendor":"NI","product":"InstrumentStudio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:14:00.484448Z","id":"CVE-2026-48138","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ni.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"87FF2C16-85F8-4F69-BF2D-0FB5D7049C6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*","matchCriteriaId":"E403ACA4-50C9-49CC-9E8A-108929808AB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*","matchCriteriaId":"FE21F1C5-405D-4980-9248-50C2D71A91D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"D293F76D-29A0-49D7-A538-456A7B209E0A"}]}]}],"references":[{"url":"https://github.com/ni/grpc-device/security/advisories/GHSA-8rjh-429j-f6gw","source":"security@ni.com","tags":["Vendor Advisory"]},{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html","source":"security@ni.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48139","sourceIdentifier":"security@ni.com","published":"2026-06-19T14:16:22.937","lastModified":"2026-06-25T14:42:08.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash.  Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions."}],"affected":[{"source":"security@ni.com","affectedData":[{"vendor":"NI","product":"grpc-device","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.17.0","versionType":"semver","status":"affected"}]},{"vendor":"NI","product":"InstrumentStudio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:31:14.124099Z","id":"CVE-2026-48139","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ni.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"87FF2C16-85F8-4F69-BF2D-0FB5D7049C6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*","matchCriteriaId":"E403ACA4-50C9-49CC-9E8A-108929808AB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*","matchCriteriaId":"FE21F1C5-405D-4980-9248-50C2D71A91D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"D293F76D-29A0-49D7-A538-456A7B209E0A"}]}]}],"references":[{"url":"https://github.com/ni/grpc-device/security/advisories/GHSA-7vg9-5c74-289x","source":"security@ni.com","tags":["Vendor Advisory"]},{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html","source":"security@ni.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48140","sourceIdentifier":"security@ni.com","published":"2026-06-19T14:16:23.063","lastModified":"2026-06-25T14:41:35.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message containing an out-of-range value. This affects NI grpc-device 2.17.0 and prior versions."}],"affected":[{"source":"security@ni.com","affectedData":[{"vendor":"NI","product":"grpc-device","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.17.0","versionType":"semver","status":"affected"}]},{"vendor":"NI","product":"InstrumentStudio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:35:45.846676Z","id":"CVE-2026-48140","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ni.com","type":"Secondary","description":[{"lang":"en","value":"CWE-704"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"87FF2C16-85F8-4F69-BF2D-0FB5D7049C6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*","matchCriteriaId":"E403ACA4-50C9-49CC-9E8A-108929808AB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*","matchCriteriaId":"FE21F1C5-405D-4980-9248-50C2D71A91D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"D293F76D-29A0-49D7-A538-456A7B209E0A"}]}]}],"references":[{"url":"https://github.com/ni/grpc-device/security/advisories/GHSA-prfr-q8h3-mqxv","source":"security@ni.com","tags":["Vendor Advisory"]},{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html","source":"security@ni.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48141","sourceIdentifier":"security@ni.com","published":"2026-06-19T14:16:23.190","lastModified":"2026-06-25T14:41:03.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.  This affects NI grpc-device 2.17.0 and prior versions."}],"affected":[{"source":"security@ni.com","affectedData":[{"vendor":"NI","product":"grpc-device","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.17.0","versionType":"semver","status":"affected"}]},{"vendor":"NI","product":"InstrumentStudio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:28:34.889070Z","id":"CVE-2026-48141","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ni.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"87FF2C16-85F8-4F69-BF2D-0FB5D7049C6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*","matchCriteriaId":"E403ACA4-50C9-49CC-9E8A-108929808AB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*","matchCriteriaId":"FE21F1C5-405D-4980-9248-50C2D71A91D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"D293F76D-29A0-49D7-A538-456A7B209E0A"}]}]}],"references":[{"url":"https://github.com/ni/grpc-device/security/advisories/GHSA-j4qc-5v3f-rf87","source":"security@ni.com","tags":["Vendor Advisory"]},{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html","source":"security@ni.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48895","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:23.310","lastModified":"2026-06-23T15:17:01.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.\n\nThe attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token.\n\nThis issue affects Apache APISIX: from 3.0.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"3.0.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:20:23.765787Z","id":"CVE-2026-48895","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.17.0","matchCriteriaId":"46461E65-7CF7-491D-A104-C4A6A08C4527"}]}]}],"references":[{"url":"https://lists.apache.org/thread/yo1kq93ds69zbgjjopop7dmzm7zhj1gq","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49230","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:23.427","lastModified":"2026-06-23T15:17:42.143","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Integrity Check Value vulnerability in Apache APISIX.\n\nThe jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. \nThis issue affects Apache APISIX: from 3.8.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"3.8.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:19:28.462999Z","id":"CVE-2026-49230","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-354"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.17.0","matchCriteriaId":"3880C967-9F72-422B-B760-B147BC5E30A7"}]}]}],"references":[{"url":"https://lists.apache.org/thread/n0blgkpvz38ghh5rrh6wtl476919xj1b","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49231","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:23.543","lastModified":"2026-06-23T15:18:30.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass by Spoofing vulnerability in opa plugin.\n\nAn attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin.\n\nThis could allow the attacker to assume higher privileges on the upstream service.\nThis issue affects Apache APISIX: from 3.5.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"3.5.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:19:53.357415Z","id":"CVE-2026-49231","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.17.0","matchCriteriaId":"E1E08024-C3BD-4685-B9FA-CBEE0012C96D"}]}]}],"references":[{"url":"https://lists.apache.org/thread/s1jd1vxm59p6ghx47xhmpjdk1cobo4hn","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49357","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T14:16:23.667","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. `line-desktop-mcp` supports a `--http-mode` Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to `0.0.0.0` and exposes the MCP `/mcp` endpoint without an MCP-layer authentication check. Prior to version 1.1.2, any network client that can reach the port can initialize a session, list tools, and call tools that read LINE Desktop chat history or send LINE messages through the already logged-in desktop application. Version 1.1.2 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dtwang","product":"line-desktop-mcp","versions":[{"version":"< 1.1.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:48:03.889588Z","id":"CVE-2026-49357","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/dtwang/line-desktop-mcp/commit/680617894981ea93f8f6ceb51ecde7519754d501","source":"security-advisories@github.com"},{"url":"https://github.com/dtwang/line-desktop-mcp/security/advisories/GHSA-4hf8-5mjm-rfgq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49871","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:23.800","lastModified":"2026-06-23T15:20:01.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations.\n\nThis defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity.\n\nActions the victim takes upstream are then attributed to attackers identity.\n\n\nThis issue affects Apache APISIX: from 3.0.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"3.0.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:21:21.141230Z","id":"CVE-2026-49871","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.17.0","matchCriteriaId":"46461E65-7CF7-491D-A104-C4A6A08C4527"}]}]}],"references":[{"url":"https://lists.apache.org/thread/1ozsnss0lof4gpwq763d66oxwxt3sycp","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49872","sourceIdentifier":"security@apache.org","published":"2026-06-19T14:16:23.917","lastModified":"2026-06-23T15:18:52.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Authentication vulnerability in Apache APISIX.\n\nWhen the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.\nThis issue affects Apache APISIX: from 3.0.0 through 3.16.0.\n\nUsers are recommended to upgrade to version 3.17.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache APISIX","defaultStatus":"unaffected","versions":[{"version":"3.0.0","lessThanOrEqual":"3.16.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:28:11.351885Z","id":"CVE-2026-49872","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.17.0","matchCriteriaId":"46461E65-7CF7-491D-A104-C4A6A08C4527"}]}]}],"references":[{"url":"https://lists.apache.org/thread/bzjpo60ygxo7kxdqf7vw3l5zw2lh6m5k","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/19/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-4026","sourceIdentifier":"PSIRT-CNA@flexerasoftware.com","published":"2026-06-19T14:16:24.037","lastModified":"2026-06-22T17:54:53.610","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level."}],"affected":[{"source":"PSIRT-CNA@flexerasoftware.com","affectedData":[{"vendor":"Flexera","product":"FlexNet Manager Suite","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"2025 R1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"PSIRT-CNA@flexerasoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:08:42.642886Z","id":"CVE-2026-4026","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"PSIRT-CNA@flexerasoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://community.flexera.com/s/feed/0D5PL00000rJX5K0AW","source":"PSIRT-CNA@flexerasoftware.com"}]}},{"cve":{"id":"CVE-2026-4027","sourceIdentifier":"PSIRT-CNA@flexerasoftware.com","published":"2026-06-19T14:16:24.157","lastModified":"2026-06-22T18:16:41.760","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control."}],"affected":[{"source":"PSIRT-CNA@flexerasoftware.com","affectedData":[{"vendor":"Flexera","product":"FlexNet Manager Suite","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"2025 R1","lessThanOrEqual":"2025 R2","versionType":"custom","status":"affected"},{"version":"2026 R1","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"PSIRT-CNA@flexerasoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:13:16.937788Z","id":"CVE-2026-4027","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"PSIRT-CNA@flexerasoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://community.flexera.com/s/feed/0D5PL00000ssjNi0AI","source":"PSIRT-CNA@flexerasoftware.com"}]}},{"cve":{"id":"CVE-2026-9142","sourceIdentifier":"security@ni.com","published":"2026-06-19T14:16:24.423","lastModified":"2026-06-25T14:40:14.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.  This may allow an unauthenticated user access to the server on the local network.  This affects NI grpc-device 2.17.0 and prior versions."}],"affected":[{"source":"security@ni.com","affectedData":[{"vendor":"NI","product":"grpc-device","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.17.0","versionType":"semver","status":"affected"}]},{"vendor":"NI","product":"InstrumentStudio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:29:24.594424Z","id":"CVE-2026-9142","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ni.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"87FF2C16-85F8-4F69-BF2D-0FB5D7049C6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*","matchCriteriaId":"E403ACA4-50C9-49CC-9E8A-108929808AB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*","matchCriteriaId":"FE21F1C5-405D-4980-9248-50C2D71A91D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"D293F76D-29A0-49D7-A538-456A7B209E0A"}]}]}],"references":[{"url":"https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562","source":"security@ni.com","tags":["Vendor Advisory"]},{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html","source":"security@ni.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9143","sourceIdentifier":"security@ni.com","published":"2026-06-19T14:16:24.550","lastModified":"2026-06-25T14:39:11.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen.  This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions."}],"affected":[{"source":"security@ni.com","affectedData":[{"vendor":"NI","product":"grpc-device","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.17.0","versionType":"semver","status":"affected"}]},{"vendor":"NI","product":"InstrumentStudio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"security@ni.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:32:48.323003Z","id":"CVE-2026-9143","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ni.com","type":"Secondary","description":[{"lang":"en","value":"CWE-681"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*","versionEndIncluding":"2025","matchCriteriaId":"87FF2C16-85F8-4F69-BF2D-0FB5D7049C6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q1:*:*:*:*:*:*","matchCriteriaId":"E403ACA4-50C9-49CC-9E8A-108929808AB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ni:instrumentstudio:2026:q2:*:*:*:*:*:*","matchCriteriaId":"FE21F1C5-405D-4980-9248-50C2D71A91D2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ni:ni_grpc_device_server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.18.0","matchCriteriaId":"D293F76D-29A0-49D7-A538-456A7B209E0A"}]}]}],"references":[{"url":"https://github.com/ni/grpc-device/security/advisories/GHSA-rhh6-fvjv-8m84","source":"security@ni.com","tags":["Vendor Advisory"]},{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html","source":"security@ni.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-20085","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:31.260","lastModified":"2026-06-22T21:14:49.503","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Realtek","product":"Realtek High Definition Audio Driver","versions":[{"version":"6.0.1.6730","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:08:13.185724Z","id":"CVE-2016-20085","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/40587","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/realtek-high-definition-audio-driver-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20086","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:32.270","lastModified":"2026-06-22T18:40:05.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vembu","product":"Vembu StoreGrid","versions":[{"version":"4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:55:01.326832Z","id":"CVE-2016-20086","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/40582","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vembu-storegrid-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20087","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:32.403","lastModified":"2026-06-23T15:16:00.660","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Networkdls","product":"Fortitude HTTP","versions":[{"version":"1.0.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:38:12.862948Z","id":"CVE-2016-20087","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://www.networkdls.com/","source":"disclosure@vulncheck.com"},{"url":"http://www.networkdls.com/Software/View/Fortitude_HTTP","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40461","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/fortitude-http-unquoted-service-path-elevation-of-privilege","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20088","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:32.530","lastModified":"2026-06-22T21:16:38.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Comodo","product":"Chromodo Browser","versions":[{"version":"0","lessThanOrEqual":"52.15.25.664","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:48:35.899847Z","id":"CVE-2016-20088","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://yildirimyunus.com","source":"disclosure@vulncheck.com"},{"url":"https://www.comodo.com","source":"disclosure@vulncheck.com"},{"url":"https://www.comodo.com/home/browsers-toolbars/chromodo-private-internet-browser.php","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40473","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/comodo-chromodo-browser-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20089","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:32.660","lastModified":"2026-06-23T20:16:45.670","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Iperiusremote","product":"Iperius Remote","versions":[{"version":"1.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T19:08:34.896714Z","id":"CVE-2016-20089","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://www.iperiusremote.com","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40427","source":"disclosure@vulncheck.com"},{"url":"https://www.iperiusremote.com/download.aspx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/iperius-remote-unquoted-service-path-elevation-of-privilege","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20090","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:32.797","lastModified":"2026-06-22T21:16:38.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Comodo","product":"Dragon Browser","versions":[{"version":"0","lessThanOrEqual":"52.15.25.663","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:33:30.951157Z","id":"CVE-2016-20090","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://yildirimyunus.com","source":"disclosure@vulncheck.com"},{"url":"https://www.comodo.com","source":"disclosure@vulncheck.com"},{"url":"https://www.comodo.com/home/browsers-toolbars/browser.php","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40471","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/comodo-dragon-browser-privilege-escalation-via-unquoted-service-path","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20091","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:32.927","lastModified":"2026-06-22T21:14:21.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Binisoft","product":"Windows Firewall Control","versions":[{"version":"4.8.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:25:40.526143Z","id":"CVE-2016-20091","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://www.binisoft.org","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40443","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/windows-firewall-control-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20092","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:33.060","lastModified":"2026-06-23T15:29:08.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Netdrive","product":"NetDrive","versions":[{"version":"2.6.12","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:06:31.781119Z","id":"CVE-2016-20092","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://www.netdrive.net/","source":"disclosure@vulncheck.com"},{"url":"http://www.netdrive.net/download","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40422","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/netdrive-unquoted-service-path-elevation-of-privilege","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20093","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:33.183","lastModified":"2026-06-23T15:29:08.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wisecleaner","product":"Wise Care 365","versions":[{"version":"4.27","status":"affected"}]},{"vendor":"Wisecleaner","product":"Wise Disk Cleaner","versions":[{"version":"9.29","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:40:08.356377Z","id":"CVE-2016-20093","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://www.wisecleaner.com","source":"disclosure@vulncheck.com"},{"url":"http://www.wisecleaner.com/wise-disk-cleaner.html","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40417","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/wise-care-365-and-wise-disk-cleaner-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2016-20094","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:33.310","lastModified":"2026-06-26T13:02:26.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during application startup or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Anydesk","product":"AnyDesk","versions":[{"version":"2.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:49:04.863748Z","id":"CVE-2016-20094","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anydesk:anydesk:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"0153032A-51B3-4F5E-87F0-D5952CB3EF8C"}]}]}],"references":[{"url":"http://anydesk.com","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"http://anydesk.com/download","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.exploit-db.com/exploits/40410","source":"disclosure@vulncheck.com","tags":["Exploit","VDB Entry"]},{"url":"https://www.vulncheck.com/advisories/anydesk-unquoted-service-path-elevation-of-privilege","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-20095","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:33.440","lastModified":"2026-06-23T20:16:46.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Matrix42","product":"Matrix42 Remote Control Host","versions":[{"version":"3.20.0031","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T19:07:29.177657Z","id":"CVE-2016-20095","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/39908","source":"disclosure@vulncheck.com"},{"url":"https://www.matrix42.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/matrix42-remote-control-host-unquoted-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25747","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:33.597","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with LocalSystem privileges when the service starts or restarts."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Network-Inventory-Advisor","product":"Network Inventory Advisor","versions":[{"version":"5.0.26.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:34:04.993590Z","id":"CVE-2019-25747","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/47584","source":"disclosure@vulncheck.com"},{"url":"https://www.network-inventory-advisor.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.network-inventory-advisor.com/download.html","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/network-inventory-advisor-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2020-37250","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:33.740","lastModified":"2026-06-22T21:14:49.503","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Weird-Solutions","product":"TFTP Broadband","versions":[{"version":"4.3.0.1465","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:29:34.540758Z","id":"CVE-2020-37250","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/49852","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/tftp-broadband-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"},{"url":"https://www.weird-solutions.com","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2020-37251","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:33.877","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Real","product":"RealTimes Desktop Service","versions":[{"version":"18.1.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:07:18.320476Z","id":"CVE-2020-37251","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/49021","source":"disclosure@vulncheck.com"},{"url":"https://www.real.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/realtimes-desktop-service-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2020-37252","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:34.017","lastModified":"2026-06-23T15:09:12.060","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with LocalSystem privileges during service startup or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Realtek","product":"Realtek Audio Service","versions":[{"version":"1.0.0.55","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:40:51.350428Z","id":"CVE-2020-37252","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/49015","source":"disclosure@vulncheck.com"},{"url":"https://www.realtek.com/en/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/realtek-audio-service-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2020-37253","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:34.147","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Winstep","product":"Winstep","versions":[{"version":"18.06.0096","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:26:44.931666Z","id":"CVE-2020-37253","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/49004","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/winstep-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2020-37254","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:34.273","lastModified":"2026-06-23T20:16:46.900","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wondershare","product":"PDFelement","versions":[{"version":"5.2.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:52:44.428201Z","id":"CVE-2020-37254","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"http://download.wondershare.com/inst/pdfelement_setup_full1042.exe","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/40535","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/wondershare-pdfelement-privilege-escalation-via-unquoted-service-path","source":"disclosure@vulncheck.com"},{"url":"https://www.wondershare.com/","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2021-47985","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:34.420","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Brother","product":"SAPSprint","versions":[{"version":"7.60","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:34:48.865563Z","id":"CVE-2021-47985","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://brother.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/50061","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/brother-sapsprint-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2022-50971","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:34.560","lastModified":"2026-06-26T12:59:54.160","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Malwarebytes","product":"Malwarebytes","versions":[{"version":"4.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:33:58.960955Z","id":"CVE-2022-50971","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:windows:*:*","versionEndIncluding":"4.5.0","matchCriteriaId":"2F26EB39-BBF6-4AD4-BA7F-EB0C65EF1511"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/50806","source":"disclosure@vulncheck.com","tags":["VDB Entry","Exploit"]},{"url":"https://www.malwarebytes.com/","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.malwarebytes.com/mwb-download/","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.vulncheck.com/advisories/malwarebytes-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-54353","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:34.713","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\\ or subdirectories like C:\\Program Files (x86)\\Personify\\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Personifyinc","product":"Chromacam","versions":[{"version":"4.0.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:08:02.517735Z","id":"CVE-2023-54353","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://personifyinc.com/","source":"disclosure@vulncheck.com"},{"url":"https://personifyinc.com/download/chromacam","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/51210","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/chromacam-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71326","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T15:16:34.890","lastModified":"2026-06-23T15:37:54.137","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Avast","product":"AVAST Antivirus","versions":[{"version":"25.11","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:41:43.799293Z","id":"CVE-2025-71326","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-428"}]}],"references":[{"url":"https://www.avast.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/52510","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avast-antivirus-unquoted-service-path-privilege-escalation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-21768","sourceIdentifier":"psirt@hcl.com","published":"2026-06-19T15:16:35.020","lastModified":"2026-06-22T20:42:41.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Verse for Android","defaultStatus":"unaffected","versions":[{"version":"14.5.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:36:14.172439Z","id":"CVE-2026-21768","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130866","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-49358","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T15:16:35.143","lastModified":"2026-06-23T03:16:41.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is a public array, and `removeTemporaryFiles()` — invoked from `__destruct()` and from a registered shutdown function — calls `unlink()` on every entry without verifying that the path is contained within the temporary folder. Any code holding a reference to a generator instance can push an arbitrary path into the array and have it deleted on script shutdown. This mirrors the KnpLabs/snappy issue GHSA-87qc-37cw-84h4. PhpWeasyPrint version 2.6.0 contains a patch for the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pontedilana","product":"php-weasyprint","versions":[{"version":"< 2.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.5,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:08:49.575183Z","id":"CVE-2026-49358","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/KnpLabs/snappy/security/advisories/GHSA-87qc-37cw-84h4","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/commit/6d328ffd3bcb800c7c2e8a594b1bff0c099c9391","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/releases/tag/2.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-5g9f-cwwg-4p8g","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-5g9f-cwwg-4p8g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2017-20252","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:13.753","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in the plname parameter to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nextgeneditor","product":"NextGen Editor","versions":[{"version":"2.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:27:30.608915Z","id":"CVE-2017-20252","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://extensions.joomla.org/extension/nextgen-editor/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/43365","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-nextgen-editor-sql-injection-via-plname-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20253","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:14.760","lastModified":"2026-06-23T18:17:29.947","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extract sensitive database information including credentials and system data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Gegabyte","product":"My Projects","versions":[{"version":"2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:00:42.424406Z","id":"CVE-2017-20253","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://www.gegabyte.org/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/directory-a-documentation/portfolio/my-projects/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/43358","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-my-projects-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20254","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:14.900","lastModified":"2026-06-22T20:16:25.750","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=com_userbench&view=detail&userid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Gegabyte","product":"User Bench","versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:37:03.082649Z","id":"CVE-2017-20254","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://www.gegabyte.org/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/user-bench/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/43357","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-user-bench-sql-injection-via-userid","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20255","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.023","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and view=popup parameters, injecting SQL commands in the visatype parameter to extract sensitive database information including credentials and table contents."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joombooking","product":"JB Visa","versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:33:06.699295Z","id":"CVE-2017-20255","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://joombooking.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-visa/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/43350","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-jb-visa-sql-injection-via-visatype","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20256","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.157","lastModified":"2026-06-23T03:16:39.420","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite parameter to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomplace","product":"Survey Force Deluxe","versions":[{"version":"3.2.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:10:41.527590Z","id":"CVE-2017-20256","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://joomplace.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/contacts-and-feedback/surveys/survey-force-deluxe/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42606","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-survey-force-deluxe-sql-injection-via-invite-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20257","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.280","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomplace","product":"Quiz Deluxe","versions":[{"version":"3.7.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:43:27.023111Z","id":"CVE-2017-20257","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://joomplace.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/living/education-a-culture/quiz-deluxe/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42589","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-quiz-deluxe-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20258","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.407","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_pofos&view=pofo&id=[SQL] to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Extro","product":"RPC","versions":[{"version":"1.6.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:28:52.991544Z","id":"CVE-2017-20258","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://extensions.joomla.org/extension/rpc-responsive-portfolio/","source":"disclosure@vulncheck.com"},{"url":"https://extro.media/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42564","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-rpc-responsive-portfolio-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20259","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.533","lastModified":"2026-06-23T18:17:30.933","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomlashack","product":"OSDownloads","versions":[{"version":"1.7.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:57:48.312021Z","id":"CVE-2017-20259","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://extensions.joomla.org/extensions/extension/directory-a-documentation/downloads/osdownloads/","source":"disclosure@vulncheck.com"},{"url":"https://joomlashack.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42561","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-osdownloads-sql-injection-via-item-view","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20260","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.660","lastModified":"2026-06-22T20:16:25.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product_id parameter to extract sensitive database information including credentials and configuration data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Weborange","product":"Price Alert","versions":[{"version":"3.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:38:07.284797Z","id":"CVE-2017-20260","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/price-alert/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42553","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-price-alert-sql-injection","source":"disclosure@vulncheck.com"},{"url":"https://www.weborange.eu/","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20261","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.787","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Weborange","product":"Bargain Product VM3","versions":[{"version":"1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:32:05.516616Z","id":"CVE-2017-20261","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42552","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-bargain-product-vm3-sql-injection","source":"disclosure@vulncheck.com"},{"url":"https://www.weborange.eu/","source":"disclosure@vulncheck.com"},{"url":"https://www.weborange.eu/extensions/index.php/extensions-vm3/bargain-product-vm3-detail","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20262","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:15.917","lastModified":"2026-06-23T03:16:39.533","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=com_ajaxquiz and view=ajaxquiz parameters to extract sensitive database information including table names and column structures."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Webkul","product":"Ajax Quiz","versions":[{"version":"1.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:11:15.589647Z","id":"CVE-2017-20262","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://webkul.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/living/education-a-culture/ajaxquiz/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42532","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-ajax-quiz-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20263","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:16.047","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_focalpoint, view=location, and a crafted id parameter containing SQL commands to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Focalpointx","product":"FocalPoint Pro / Free","versions":[{"version":"1.2.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:44:14.230214Z","id":"CVE-2017-20263","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://focalpointx.com/","source":"disclosure@vulncheck.com"},{"url":"http://focalpointx.com/demos/focalpoint-pro","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42530","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-focalpoint-pro-free-sql-injection-via-location","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20264","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:16.170","lastModified":"2026-06-22T19:16:31.950","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_sponsorwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Pulseextensions","product":"Sponsor Wall","versions":[{"version":"8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:28:51.228323Z","id":"CVE-2017-20264","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://pulseextensions.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/sponsor-wall/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42525","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-sponsor-wall-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20265","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:16.300","lastModified":"2026-06-23T18:17:31.047","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_flipwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Pulseextensions","product":"Flip Wall","versions":[{"version":"8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:55:29.055022Z","id":"CVE-2017-20265","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://pulseextensions.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/flip-wall/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42524","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-flip-wall-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20266","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:16.427","lastModified":"2026-06-22T20:16:25.990","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the searchword parameter to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomshaper","product":"SP Movie Database","versions":[{"version":"1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:38:53.370867Z","id":"CVE-2017-20266","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://joomshaper.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/sp-movie-database/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42502","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-sp-movie-database-sql-injection-via-searchword","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20267","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T16:16:16.553","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomlathat","product":"Calendar Planner","versions":[{"version":"1.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:17:03.657845Z","id":"CVE-2017-20267","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://joomlathat.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/calendars-a-events/events/calendar-planner/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42501","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-calendar-planner-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20268","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:13.930","lastModified":"2026-06-23T03:16:39.650","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads to extract sensitive database information including database names and table structures."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Zcontent","product":"Zap Calendar Lite","versions":[{"version":"4.3.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:12:17.083736Z","id":"CVE-2017-20268","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://extensions.joomla.org/extensions/extension/calendars-a-events/events/zap-calendar-lite/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42500","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-zap-calendar-lite-sql-injection","source":"disclosure@vulncheck.com"},{"url":"https://zcontent.net/","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20269","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:14.940","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Terrywcarter","product":"KissGallery","versions":[{"version":"1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:46:48.317968Z","id":"CVE-2017-20269","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://terrywcarter.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42494","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-kissgallery-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20270","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.063","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=com_twitchtv and view parameters containing SQL injection payloads to extract sensitive database information including credentials and configuration data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Raindropsinfotech","product":"Twitch Tv","versions":[{"version":"1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:55:34.814951Z","id":"CVE-2017-20270","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://www.raindropsinfotech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/sports-a-games/game-servers/twitch-tv-component/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42493","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-twitch-tv-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20271","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.190","lastModified":"2026-06-23T18:17:31.160","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=com_streetguess&view=maps parameters and inject SQL code in the catid parameter to extract sensitive database information including version and database names."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Nordmograph","product":"StreetGuessr Game","versions":[{"version":"1.1.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:53:24.208735Z","id":"CVE-2017-20271","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42423","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-streetguessr-game-sql-injection-via-catid","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20272","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.313","lastModified":"2026-06-22T20:16:26.113","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_selectuser_id parameter. Attackers can send GET requests to index.php with the option=com_upl and view=propertylisting parameters to extract sensitive database information including table names and column structures."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Faboba","product":"Ultimate Property Listing","versions":[{"version":"1.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:39:53.323231Z","id":"CVE-2017-20272","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42417","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-ultimate-property-listing-sql-injection-via-sf-selectuser-id","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20273","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.430","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_registrationpro&view=category&id parameter containing SQL injection payloads to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomlashowroom","product":"Event Registration Pro Calendar","versions":[{"version":"4.1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:18:19.626923Z","id":"CVE-2017-20273","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42416","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-event-registration-pro-calendar-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20274","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.553","lastModified":"2026-06-23T03:16:39.753","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"King-products","product":"LMS King Professional","versions":[{"version":"3.2.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:14:25.225797Z","id":"CVE-2017-20274","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42415","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-lms-king-professional-sql-injection-via-learningpath","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20275","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.677","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Henryschorradt","product":"Bridge","versions":[{"version":"1.2.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:55:33.432382Z","id":"CVE-2017-20275","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42414","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-php-bridge-sql-injection-via-id-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20276","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.813","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy, view=latest parameters and inject malicious SQL in the type parameter to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Simbunch","product":"SIMGenealogy","versions":[{"version":"2.1.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:56:22.701563Z","id":"CVE-2017-20276","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42413","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-simgenealogy-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20277","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:15.940","lastModified":"2026-06-23T18:17:31.267","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomboost","product":"Joomla JoomRecipe","versions":[{"version":"1.0.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:51:38.573694Z","id":"CVE-2017-20277","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://joomboost.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/42347","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-joomrecipe-component-blind-sql-injection-via-search-author","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20278","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:16.067","lastModified":"2026-06-22T20:16:26.230","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the category path segment to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomboost","product":"JoomRecipe","versions":[{"version":"1.0.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:42:31.508547Z","id":"CVE-2017-20278","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42185","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-joomrecipe-sql-injection-via-category-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20279","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:16.190","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Extensions","product":"Joomla Payage","versions":[{"version":"2.05","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:21:19.373231Z","id":"CVE-2017-20279","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42113","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-payage-sql-injection-via-aid-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20280","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:16.310","lastModified":"2026-06-23T03:16:39.870","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid endpoint to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Myportfolio","product":"Myportfolio","versions":[{"version":"3.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:14:56.685869Z","id":"CVE-2017-20280","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/41930","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-myportfolio-sql-injection-via-pid-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20281","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:16.433","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomlaboat","product":"Extra Search","versions":[{"version":"2.2.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:56:38.627941Z","id":"CVE-2017-20281","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://www.joomlaboat.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/41663","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-extra-search-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2017-20282","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:16.557","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the option=com_jcart&route=product/product parameters and malicious product_id values to extract sensitive database information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Soft-Php","product":"jCart for OpenCart","versions":[{"version":"2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:58:01.019215Z","id":"CVE-2017-20282","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://soft-php.com","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/41642","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-jcart-for-opencart-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25748","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T17:16:16.710","lastModified":"2026-06-22T20:16:26.533","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the rooms parameter to extract sensitive database information including version details."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cmsjunkie","product":"JHotelReservation","versions":[{"version":"6.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:18:29.426779Z","id":"CVE-2019-25748","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://cmsjunkie.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jhotelreservation/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46234","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-jhotelreservation-sql-injection-via-search-hotels","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-3196","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-06-19T17:16:22.810","lastModified":"2026-06-22T18:16:36.107","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition."}],"affected":[{"source":"patrick@puiterwijk.org","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.com/qemu-project/qemu","packageName":"qemu","versions":[{"version":"8.2.0","lessThanOrEqual":"10.2.1","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm-ma","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"virt:rhel/qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:53:48.897784Z","id":"CVE-2026-3196","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-3196","source":"patrick@puiterwijk.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443789","source":"patrick@puiterwijk.org"}]}},{"cve":{"id":"CVE-2026-49260","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T17:16:29.477","lastModified":"2026-06-22T20:16:30.087","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for WeasyPrint by passing the binary path through `escapeshellarg()` first and then checking the *quoted* result with `is_executable()`. On POSIX `escapeshellarg('/usr/local/bin/weasyprint')` returns `'/usr/local/bin/weasyprint'` with the single-quote characters as part of the string, so `is_executable()` looks for a file whose actual name includes those quotes. That file never exists, the \"safe\" branch is dead code, and the raw `$binary` string (set via the constructor or `setBinary()`) flows directly into `Symfony\\Component\\Process\\Process::fromShellCommandline()`. Any deployment whose binary path is sourced from configuration, an environment variable, or a per-tenant setting reaches a shell-command-injection sink. The library is documented as a one-to-one substitute for KnpLabs/snappy and inherited the exact pre-fix codepath KnpLabs patched in GHSA-vpr4-p6fq-85jc. PhpWeasyPrint version 2.5.1 contains a patch for the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pontedilana","product":"php-weasyprint","versions":[{"version":"< 2.5.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:45:10.727602Z","id":"CVE-2026-49260","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/KnpLabs/snappy/security/advisories/GHSA-vpr4-p6fq-85jc","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/commit/9e86a2b317237fc5728f712f5037164530117f7e","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/releases/tag/2.5.1","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-f5gc-qxf8-mh9g","source":"security-advisories@github.com"},{"url":"https://github.com/KnpLabs/snappy/security/advisories/GHSA-vpr4-p6fq-85jc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-f5gc-qxf8-mh9g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2019-25749","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:16.473","lastModified":"2026-06-22T19:16:33.213","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guest_adult parameter to extract sensitive database information or manipulate database records."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cmsjunkie","product":"J-CruisePortal","versions":[{"version":"6.0.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:53:21.779727Z","id":"CVE-2019-25749","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://cmsjunkie.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.cmsjunkie.com/joomla-cruise-reservation-portal","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46233","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-j-cruiseportal-sql-injection-via-cruises","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25750","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:17.473","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL UNION SELECT statements to extract sensitive database information including table names and column data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cmsjunkie","product":"MultipleHotelReservation","versions":[{"version":"6.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:07:22.623340Z","id":"CVE-2019-25750","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://cmsjunkie.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jmultiplehotelreservation/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46232","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-j-multiplehotelreservation-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25751","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:17.600","lastModified":"2026-06-23T03:16:40.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch parameters to the displayads component to extract sensitive database information including usernames, databases, and version details."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cmsjunkie","product":"ClassifiedsManager","versions":[{"version":"3.0.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:17:14.166738Z","id":"CVE-2019-25751","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://cmsjunkie.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/j-classifiedsmanager/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46231","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-j-classifiedsmanager-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25752","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:17.723","lastModified":"2026-06-22T19:16:33.847","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the option=com_jbusinessdirectory&task=categories.getCategories parameters and inject UNION-based SQL statements in the type parameter to extract database information including schema names and sensitive data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cmsjunkie","product":"J-BusinessDirectory","versions":[{"version":"4.9.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:47:05.673573Z","id":"CVE-2019-25752","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://cmsjunkie.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/j-businessdirectory/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46230","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-j-businessdirectory-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25753","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:17.847","lastModified":"2026-06-22T18:35:16.377","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=com_vmap&task=loadmarker parameters containing SQL injection payloads to manipulate database queries and extract sensitive information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wdmtech","product":"VMap","versions":[{"version":"1.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:03:17.992945Z","id":"CVE-2019-25753","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://wdmtech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/vmap/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46229","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-vmap-sql-injection-via-loadmarker","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25754","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:17.973","lastModified":"2026-06-22T20:16:26.660","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL payloads in the keysearch parameter to extract database table names and sensitive information from the database."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wdmtech","product":"vRestaurant","versions":[{"version":"1.9.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:12:31.921855Z","id":"CVE-2019-25754","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://wdmtech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/vrestaurant/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46228","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-vrestaurant-sql-injection-via-menu-listing-layout","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25755","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:18.100","lastModified":"2026-06-22T19:16:34.470","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION statements in the cmId parameter to extract database information including usernames, passwords, and database versions."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wdmtech","product":"vReview","versions":[{"version":"1.9.11","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:52:27.442371Z","id":"CVE-2019-25755","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://wdmtech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/clients-a-communities/ratings-a-reviews/vreview/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46227","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-vreview-sql-injection-via-editreview","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25756","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:18.230","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloads in the vid parameter to extract sensitive database information including version and database names."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wdmtech","product":"vAccount","versions":[{"version":"2.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:08:04.783112Z","id":"CVE-2019-25756","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://wdmtech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/financial/cost-calculators/vaccount/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46226","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-vaccount-sql-injection-via-vaccount-dashboard","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25757","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:18.360","lastModified":"2026-06-23T03:16:40.117","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these parameters to extract sensitive database information including version and database names."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wdmtech","product":"vWishlist","versions":[{"version":"1.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:17:59.320596Z","id":"CVE-2019-25757","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://wdmtech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/vwishlist/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46225","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-vwishlist-sql-injection-via-vproductid-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25758","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:18.523","lastModified":"2026-06-22T19:43:54.080","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wdmtech","product":"vBizz","versions":[{"version":"1.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:05:28.488607Z","id":"CVE-2019-25758","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"http://wdmtech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46224","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-vbizz-remote-code-execution","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25759","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:18.763","lastModified":"2026-06-22T18:39:03.037","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wdmtech","product":"vBizz","versions":[{"version":"1.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:07:52.891878Z","id":"CVE-2019-25759","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://wdmtech.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46223","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-vbizz-sql-injection","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25760","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:18.890","lastModified":"2026-06-22T20:16:26.793","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task set to ajax.loadImage, and a base64-encoded file path in the file parameter to retrieve sensitive files like configuration.php and system files."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomtech","product":"Easy Shop","versions":[{"version":"1.2.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:10:17.140555Z","id":"CVE-2019-25760","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/easy-shop/","source":"disclosure@vulncheck.com"},{"url":"https://joomtech.net/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46219","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-easy-shop-local-file-inclusion","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25761","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:19.020","lastModified":"2026-06-22T19:16:35.090","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with option=com_joomcrm&view=contacts and inject SQL code in the deal_id parameter to extract sensitive database information including table names and schemas."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomboost","product":"JoomCRM","versions":[{"version":"1.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:51:59.270838Z","id":"CVE-2019-25761","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://joomboost.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46122","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-joomcrm-sql-injection-via-deal-id","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2019-25762","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T18:16:19.143","lastModified":"2026-06-22T18:37:09.003","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Joomboost","product":"JoomProject","versions":[{"version":"1.1.3.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:08:49.944558Z","id":"CVE-2019-25762","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]}],"references":[{"url":"http://joomboost.com/","source":"disclosure@vulncheck.com"},{"url":"https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomproject/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/46121","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-component-joomproject-information-disclosure","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-49271","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T18:16:19.353","lastModified":"2026-06-26T12:33:18.310","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector from iterators outside the compressed item buffer, producing an out-of-bounds heap read and crash. Version 1.22.1 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"strukturag","product":"libheif","versions":[{"version":"< 1.22.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:01:07.409364Z","id":"CVE-2026-49271","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:struktur:libheif:*:*:*:*:*:*:*:*","versionEndExcluding":"1.22.1","matchCriteriaId":"9F3B7B77-FD41-45AE-BC05-FF850198DAC1"}]}]}],"references":[{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-r7qj-cg5r-r6vf","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-r7qj-cg5r-r6vf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49286","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T18:16:19.487","lastModified":"2026-06-22T18:20:40.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so `PHAR://`, `Phar://`, etc. bypass the check and reach `fileExists()` (`file_exists()`) in `prepareOutput()`. On PHP 7 (which the library still supports — PHP 7.4+), this triggers deserialization of a crafted PHAR archive's metadata, leading to remote code execution. This is the patch-bypass of CVE-2023-28115. The same issue and fix were handled upstream in KnpLabs/snappy (GHSA-92rv-4j2h-8mjj). PhpWeasyPrint version 2.6.0 contains a patch for the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pontedilana","product":"php-weasyprint","versions":[{"version":"< 2.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:22:36.863995Z","id":"CVE-2026-49286","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/KnpLabs/snappy/security/advisories/GHSA-92rv-4j2h-8mjj","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/commit/d1aa487722b5a3cab9b222b85fdb5608a5a550c3","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/releases/tag/2.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-2fmj-p74r-3wjm","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-2fmj-p74r-3wjm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49287","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T18:16:19.617","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets. This requires a front-end template that passes request input into a tag's sort parameter. It is not exploitable by default — a template would need to be explicitly set up to sort by a visitor-controlled value. This has been fixed in 5.73.23 and 6.20.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"statamic","product":"cms","versions":[{"version":"< 5.73.23","status":"affected"},{"version":">= 6.0.0, < 6.20.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:21:45.638818Z","id":"CVE-2026-49287","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-470"}]}],"references":[{"url":"https://github.com/statamic/cms/security/advisories/GHSA-4jjr-vmv7-wh4w","source":"security-advisories@github.com"},{"url":"https://github.com/statamic/cms/security/advisories/GHSA-m92m-r54r-x8r2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49290","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T18:16:19.750","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC (CDLC). Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a crafted PSARC or sloppak archive. With the default Docker configuration (running as root) and the ability to drop a file into the plugin directory, this escalates to arbitrary remote code execution on the host. Three archive extractors concatenated archive-entry filenames directly onto the extraction root without validation: `lib/psarc.py::unpack_psarc` — PSARC TOC filenames; `lib/patcher.py::unpack_psarc` — duplicate of the above in the patcher flow; `lib/sloppak.py::_unpack_zip` — bare `ZipFile.extractall()` with no member filter. Each accepts entry names containing `..` segments, absolute paths, or backslash separators. The Python `zipfile` module's default `extractall()` is documented as not preventing traversal when callers don't supply a member-filter callback. Version 0.2.9-alpha.5 patches the issue. Until updated, do not open PSARC or sloppak archives from untrusted sources, and do not expose the Slopsmith instance to the public internet. Docker users should also pull the latest image after the next slopsmith Docker image is published."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"byrongamatos","product":"slopsmith","versions":[{"version":"< 0.2.9-alpha.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:04:05.730204Z","id":"CVE-2026-49290","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"},{"lang":"en","value":"CWE-36"}]}],"references":[{"url":"https://github.com/byrongamatos/slopsmith/commit/9cccac12a","source":"security-advisories@github.com"},{"url":"https://github.com/byrongamatos/slopsmith/security/advisories/GHSA-8wr9-348x-xwmr","source":"security-advisories@github.com"},{"url":"https://web.archive.org/web/20260522065709/https://github.com/byrongamatos/slopsmith","source":"security-advisories@github.com"},{"url":"https://web.archive.org/web/20260522065709/https://github.com/byrongamatos/slopsmith","source":"security-advisories@github.com"},{"url":"https://web.archive.org/web/20260522065709/https://github.com/byrongamatos/slopsmith","source":"security-advisories@github.com"},{"url":"https://web.archive.org/web/20260522065709/https://github.com/byrongamatos/slopsmith","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49359","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T18:16:19.890","lastModified":"2026-06-23T03:16:41.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the content of option values server-side via `file_get_contents()` when the value looks like a URL, without restricting the URL scheme. The `attachment` option of `Pdf` is the reachable sink: any value that passes `isOptionUrl()` (`filter_var(..., FILTER_VALIDATE_URL)`) is downloaded by the PHP process and embedded into the generated PDF. Because `FILTER_VALIDATE_URL` accepts `http`, `https`, `ftp`, `file` and PHP stream wrappers such as `php://`, an attacker who can influence the `attachment` value reaches both a **Server-Side Request Forgery** primitive (e.g. internal HTTP endpoints, cloud metadata) and a local file disclosure primitive (`file://`, `php://filter/...`), with the fetched bytes exfiltrated as a PDF attachment. This is the same class of issue KnpLabs/snappy patched for its `xsl-style-sheet` option in GHSA-c5fp-p67m-gq56. The library is documented as a one-to-one substitute for KnpLabs/snappy and shares the same code shape. PhpWeasyPrint version 2.6.0 contains a patch for the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"pontedilana","product":"php-weasyprint","versions":[{"version":"< 2.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:15:43.408580Z","id":"CVE-2026-49359","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/KnpLabs/snappy/security/advisories/GHSA-c5fp-p67m-gq56","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/commit/9582dcf119a405276cf55e9e10bc577a887792cb","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/releases/tag/2.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-x8g9-h984-pc36","source":"security-advisories@github.com"},{"url":"https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-x8g9-h984-pc36","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2023-54357","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T19:16:25.840","lastModified":"2026-06-23T03:16:40.520","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Artio","product":"Joomla! com_booking component","versions":[{"version":"2.4.9","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:19:20.252344Z","id":"CVE-2023-54357","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"http://www.artio.net/","source":"disclosure@vulncheck.com"},{"url":"http://www.artio.net/downloads/joomla/book-it/book-it-2-free/download","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/51595","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/joomla-com-booking-information-disclosure-via-account-enumeration","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-12238","sourceIdentifier":"security@wordfence.com","published":"2026-06-19T19:16:27.093","lastModified":"2026-06-24T21:16:52.310","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to create arbitrary records in plugin database tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-backed class name via the phpClass parameter. The namespace validation check (requiring the 'WPGMZA' prefix) does not prevent exploitation because classes such as WPGMZA\\Map and WPGMZA\\Marker satisfy it while still triggering an INSERT into the corresponding plugin table before the route rejects the request."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpgmaps","product":"WP Go Maps – Google Map, OpenStreetMap, Leaflet Map","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"10.1.01","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:52:32.679700Z","id":"CVE-2026-12238","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-google-maps/tags/10.0.10/includes/class.rest-api.php#L1052","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c51c6cfb-9a79-4190-87ff-7eddb866ae56?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12726","sourceIdentifier":"secalert@redhat.com","published":"2026-06-19T19:16:27.217","lastModified":"2026-06-22T18:33:17.533","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.statuses_url value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub Personal Access Token as its webhook credential, the controller later POSTs that token to the stored callback URL when posting job status updates. An attacker who can submit a correctly signed forged webhook using the job template's webhook_key can redirect the callback to an attacker-controlled URL and exfiltrate the configured GitHub PAT."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:08:33.221112Z","id":"CVE-2026-12726","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12726","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490796","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-49288","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T19:16:36.040","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources. Depending on the resource, this could expose titles, custom field values, entry content, asset metadata, and the existence of users, roles, and groups. No data could be modified. This has been fixed in 5.73.23 and 6.20.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"statamic","product":"cms","versions":[{"version":"< 5.73.23","status":"affected"},{"version":">= 6.0.0, < 6.20.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:51:28.129379Z","id":"CVE-2026-49288","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/statamic/cms/security/advisories/GHSA-2497-6pwj-pwg7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49291","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T19:16:36.170","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST endpoints require `write` scope. Version 10.65.3 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"doobidoo","product":"mcp-memory-service","versions":[{"version":"< 10.65.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:07:36.136160Z","id":"CVE-2026-49291","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/doobidoo/mcp-memory-service/security/advisories/GHSA-2r68-g678-7qr3","source":"security-advisories@github.com"},{"url":"https://pypi.org/project/mcp-memory-service/10.65.3","source":"security-advisories@github.com"},{"url":"https://web.archive.org/web/20260508112116/https://github.com/doobidoo/mcp-memory-service/","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49293","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T19:16:36.297","lastModified":"2026-06-26T12:11:46.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accumulator by the radix once per input digit. Each iteration performs a `BigInt * BigInt` operation on an accumulator that grows linearly with the number of digits already consumed, so the whole loop is O(n²) in the literal length. The lexer regex places no upper bound on the literal length, so a single TOML document containing one ~500 kB hex literal pins one CPU core for ~40 seconds on a modern laptop (Apple M-series, Node v22). Memory amplification is bounded but CPU amplification is severe and grows quadratically: doubling the literal length quadruples the work. A caller that invokes `load()` on attacker-controlled TOML (configuration upload endpoints, CI/CD systems ingesting third-party `*.toml`, IDE plugins, build tools) is exposed to a single-request CPU exhaustion DoS. Version 1.1.1 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sunnyadn","product":"js-toml","versions":[{"version":"< 1.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:09:42.727540Z","id":"CVE-2026-49293","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-407"},{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sunnyadn:js-toml:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.1.1","matchCriteriaId":"9C4EB3F2-9198-41C8-BF40-63A7E2BDFF11"}]}]}],"references":[{"url":"https://github.com/sunnyadn/js-toml/commit/1abcb31dc7b1fa88e4c848a8d108891cfbb96fa2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/sunnyadn/js-toml/releases/tag/v1.1.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/sunnyadn/js-toml/security/advisories/GHSA-wp3c-266w-4qfq","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/sunnyadn/js-toml/security/advisories/GHSA-wp3c-266w-4qfq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49336","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T19:16:36.430","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `Authorization` and `Cookie` from cross-origin redirect targets, but the default `scrubSensitiveHeaders` callback in `RedirectHandlerOptions` uses case-sensitive property deletion (`delete headers.Authorization`, `delete headers.Cookie`) on a headers object that `FetchRequestAdapter.getRequestFromRequestInformation` has already lower-cased. The delete therefore targets keys that do not exist, the scrub is a no-op, and any Bearer token or Cookie attached by a kiota-generated SDK is forwarded to an attacker-controlled host across a 30x redirect. This is reachable in the default middleware chain (`MiddlewareFactory.getDefaultMiddlewares`) with no custom configuration, and applies to every kiota-generated TypeScript SDK that uses `BaseBearerTokenAuthenticationProvider` or any other authentication provider that sets the `Authorization` request header. Version 1.0.0-preview.102 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"microsoft","product":"kiota-typescript","versions":[{"version":">= 1.0.0-preview.97, < 1.0.0-preview.102","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:05:06.323889Z","id":"CVE-2026-49336","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"},{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/microsoft/kiota-typescript/commit/09f8bd9b34d68bf412a9b78f6ca7e7961ef14974","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota-typescript/security/advisories/GHSA-396q-4vc8-28x9","source":"security-advisories@github.com"},{"url":"https://github.com/microsoft/kiota-typescript/security/advisories/GHSA-396q-4vc8-28x9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49338","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T19:16:36.557","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/deletePlaylist.view` and `/rest/getPlaylist.view` perform no per-resource authorization. Once authenticated as any user (admin or not), an attacker can delete any playlist owned by any other user (including admin) by passing its `id` and read the full contents (name, comment, song list) of any other user's **private** (non-public) playlist by passing its `id`. The Subsonic playlist `id` is `base64url(\"<userID>/<filename>.m3u\")`. Because filenames are user-supplied or time-derived and the `userID` is a small integer, IDs are guessable and frequently exposed (e.g. a previously-public playlist that was later made private still has the same ID). This breaks the multi-user trust boundary of gonic: a low-privileged user can wipe an administrator's curated playlists, and a user can exfiltrate any private playlist they obtain an ID for. The issue was fixed in commit `6dd71e6a3c966867ef8c900d359a7df75789f410`, which is part of version 0.21.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sentriz","product":"gonic","versions":[{"version":"< 0.21.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:20:58.415088Z","id":"CVE-2026-49338","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/sentriz/gonic/commit/6dd71e6","source":"security-advisories@github.com"},{"url":"https://github.com/sentriz/gonic/security/advisories/GHSA-hmgp-w9jm-vp95","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49339","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T19:16:36.687","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in  commit `6dd71e6a3c966867ef8c900d359a7df75789f410` added an ownership check based on `playlist.UserID`. However, `playlist.UserID` is derived from the first path segment of the attacker-controlled playlist ID, with no path containment on the resolved file path. Any authenticated Subsonic user can therefore bypass the ownership check and read any other user's playlist, delete any other user's playlist, and probe arbitrary file paths on the host for existence/readability. This is a bypass of the boundary the `6dd71e6` fix is trying to enforce; it is closely related to the original GONIC-1 IDOR but uses a different primitive (path traversal in the `id` parameter rather than direct cross-user access). Commit 0824bed88f6bbc490ba28bf09d28e5dfeb07b445 in version 0.21.0 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sentriz","product":"gonic","versions":[{"version":"< 0.21.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:08:22.855813Z","id":"CVE-2026-49339","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/sentriz/gonic/commit/0824bed88f6bbc490ba28bf09d28e5dfeb07b445","source":"security-advisories@github.com"},{"url":"https://github.com/sentriz/gonic/commit/6dd71e6","source":"security-advisories@github.com"},{"url":"https://github.com/sentriz/gonic/security/advisories/GHSA-2fp4-5v5c-4448","source":"security-advisories@github.com"},{"url":"https://github.com/sentriz/gonic/security/advisories/GHSA-2fp4-5v5c-4448","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49340","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T19:16:36.817","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdatePlaylist` allows any authenticated Subsonic user (including non-admin) to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with `0o777` permissions. The bug is independent of CVE-2026-49338 and CVE-2026-49339. It is an unreachable guard clause combined with no path containment in `Store.Write`. Version 0.21.0 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sentriz","product":"gonic","versions":[{"version":"< 0.21.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:50:48.480604Z","id":"CVE-2026-49340","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-697"},{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://github.com/sentriz/gonic/security/advisories/GHSA-4gxv-p5g5-j7w7","source":"security-advisories@github.com"},{"url":"https://github.com/sentriz/gonic/security/advisories/GHSA-4gxv-p5g5-j7w7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9375","sourceIdentifier":"security@huntr.dev","published":"2026-06-19T19:16:36.947","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The issue arises due to three independent code paths in `response.py` that bypass the `max_length` protection introduced in version 2.6.0 to mitigate CVE-2025-66471. Specifically, negative `max_length` values can be produced due to buffer arithmetic in `read()`, `flush_decoder` unconditionally overrides `max_length` to `-1`, and `_flush_decoder()` passes no limit at all, defaulting to unlimited decompression. This allows a malicious HTTP server to trigger an out-of-memory (OOM) condition by decompressing large payloads into memory, leading to a denial of service (DoS). The vulnerability affects urllib3 2.6.3 and Brotli 1.2.0 and impacts applications and libraries using `requests` or `urllib3` to stream content from untrusted sources."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"urllib3","product":"urllib3/urllib3","versions":[{"version":"unspecified","lessThan":"2.7.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:53:04.589743Z","id":"CVE-2026-9375","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/ddd09eb9-b87d-4a43-84df-48837b1bbc23","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/ddd09eb9-b87d-4a43-84df-48837b1bbc23","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48089","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:16.583","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the other vulnerability-triage write endpoints exposed under a public asset, including VEX rule create / update / reapply / delete; dependency-vuln event creation (accept / reject / mitigate decisions), batch event creation, vuln sync, and mitigation; license risk creation; external reference writes; and/or artifact creation and license refresh. The attacker needs a valid account on the instance, but no membership in the victim organization, project, or asset is required. Version `v1.4.2`contains a patch. As a workaround, make affected assets non-public. In the asset settings, switch visibility from public to private. This removes the public-read exemption in the access-control middleware and restores correct authorization on all write endpoints for that asset. Downstream consumers that previously relied on the public `vex.json` / `sbom.json` endpoints will need to be granted explicit access or must receive an exported file version until the patched release is deployed."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"l3montree-dev","product":"devguard","versions":[{"version":"< 1.4.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:17:04.632906Z","id":"CVE-2026-48089","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/l3montree-dev/devguard/commit/1be88ec1309a5dc0566e35a23bdc4ea3ecd11417","source":"security-advisories@github.com"},{"url":"https://github.com/l3montree-dev/devguard/security/advisories/GHSA-6p54-fw2f-q7gf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48715","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:17.663","lastModified":"2026-06-26T20:17:01.033","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"radvd-project","product":"radvdump","versions":[{"version":"< 2.21","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:57:31.322095Z","id":"CVE-2026-48715","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:radvd.litech:radvd:*:*:*:*:*:*:*:*","versionEndExcluding":"2.21","matchCriteriaId":"D504B756-E540-46F6-B1E0-BCB9683F0938"}]}]}],"references":[{"url":"https://github.com/radvd-project/radvd/commit/068bde13e3fd6a5fcdb6859e6a2acd293a325dc5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48772","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:17.803","lastModified":"2026-06-23T15:57:26.213","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN <addr> <addr> <port> <port>\\r\\n` PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is `UNKNOWN`, the receiver MUST ignore any address fields that follow it, because the proxy has declared it cannot determine the client identity. ProxySQL parses those address fields anyway via `sscanf` and writes the spoofed source address into the session's `addr.addr` field. From there it flows directly into the query-rule matcher, where the `client_addr` predicate decides routing and ACL. When `mysql-proxy_protocol_networks = '*'` (the default), any TCP peer can send a PP1 frame and choose any source IP claim. With that, any `mysql_query_rules` row pinned to a `client_addr` value is forgeable: the attacker writes the address they want to match into the PP1 line, and ProxySQL routes their query as if it came from that address. In practice this is a routing and ACL bypass. Real deployments use `client_addr` for read-write splitting (internal apps go to the primary, public traffic to read replicas), per-app schema pinning, and query-filter rules (DDL allowed only from admin CIDR, public queries blocked from dangerous patterns). An attacker that can reach the frontend port can forge their way into any of those routes. Version 3.0.9 patches this issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sysown","product":"proxysql","versions":[{"version":">= 2.0.0, < 3.0.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:15:18.320420Z","id":"CVE-2026-48772","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-348"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/sysown/proxysql/releases/tag/v3.0.9","source":"security-advisories@github.com"},{"url":"https://github.com/sysown/proxysql/security/advisories/GHSA-gw94-85m2-x8v2","source":"security-advisories@github.com"},{"url":"https://github.com/sysown/proxysql/security/advisories/GHSA-gw94-85m2-x8v2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48773","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:17.947","lastModified":"2026-06-23T15:55:31.267","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length directly to `recv()` while writing into a fixed 32 KB input queue. Version 3.0.9 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sysown","product":"proxysql","versions":[{"version":">= 2.0.18, < 3.0.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:09:26.043878Z","id":"CVE-2026-48773","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/sysown/proxysql/releases/tag/v3.0.9","source":"security-advisories@github.com"},{"url":"https://github.com/sysown/proxysql/security/advisories/GHSA-58ww-865x-grpr","source":"security-advisories@github.com"},{"url":"https://github.com/sysown/proxysql/security/advisories/GHSA-58ww-865x-grpr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48774","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:18.087","lastModified":"2026-06-23T15:57:26.213","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword allowlist, but then executes the entire SQL string on a backend connection created with `CLIENT_MULTI_STATEMENTS`. As a result, a caller can submit a read-only first statement followed by a side-effecting second statement, such as `SELECT 1; RENAME TABLE ...`. The validator accepts the payload because it starts with `SELECT` and because side-effecting MySQL statements such as `RENAME TABLE`, `SET`, `RESET`, `LOCK TABLES`, and `KILL` are not rejected by the blacklist. In a live MCP runtime test, the `/mcp/query` endpoint accepted a `run_sql_readonly` request. The MCP response reported success for the first `SELECT`, and direct backend verification showed that the table had actually been renamed. This violates the endpoint's read-only security contract and lets an MCP caller perform backend writes or administrative SQL, limited by the configured MCP target account's database privileges. Version 3.0.9 contains a fix. Other operator mitigations include: keeping MCP disabled unless required; setting a non-empty `mcp-query_endpoint_auth` token before exposing `/mcp/query`; restricting MCP listener network exposure; configuring MCP backend target credentials as database-level read-only users; and adding temporary MCP query rules to block obvious multi-statement patterns."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sysown","product":"proxysql","versions":[{"version":">= 3.0.6, < 3.0.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:22:42.341874Z","id":"CVE-2026-48774","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/sysown/proxysql/commit/e32b7fd50c7c234ea628e392e621e09a2a919e08","source":"security-advisories@github.com"},{"url":"https://github.com/sysown/proxysql/security/advisories/GHSA-7wh6-2vcc-gcm4","source":"security-advisories@github.com"},{"url":"https://github.com/sysown/proxysql/security/advisories/GHSA-7wh6-2vcc-gcm4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48787","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:18.237","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then invoking POST /autoCode/mcpStart to trigger a rebuild and restart of the standalone MCP service. This allows arbitrary operating system commands to be executed on the server with the privileges of the application process. Successful exploitation may lead to remote code execution (RCE), modification of backend source code or runtime logic, deployment of persistent backdoors, access to or manipulation of application data and configuration, and further impact on local resources running under the same service account or privilege context. The risk is highest in deployments that retain the source tree, allow writes to source files, and support local build or startup of standalone MCP components. In environments using binary-only releases, read-only filesystems, or with local build capabilities removed, the exploitability of the full attack chain is significantly reduced. However, once the online code-generation capability and MCP-hosted startup workflow are enabled, the overall security impact may reach high to critical severity. As of time of publication, it is unknown if a patched version is available. As a workaround, enforce strict allowlist validation on path- and identifier-related fields such as `humpPackageName`, `packageName`, `FuncName`, and `Router`, and only permit safe identifier formats."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"flipped-aurora","product":"gin-vue-admin","versions":[{"version":"= 2.9.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:48:30.859440Z","id":"CVE-2026-48787","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-22cv-9jv2-6m62","source":"security-advisories@github.com"},{"url":"https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-22cv-9jv2-6m62","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49342","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:18.377","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache-secret.html` is joined against that root and can return a readable sibling `.html` file outside the intended static tree. Version 0.9.44 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"lsegal","product":"yard","versions":[{"version":"< 0.9.44","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:13:12.964584Z","id":"CVE-2026-49342","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/lsegal/yard/commit/f78c19f0dd33a407085b4ed181bb60c0aa0078b4","source":"security-advisories@github.com"},{"url":"https://github.com/lsegal/yard/security/advisories/GHSA-pxcc-8665-phx8","source":"security-advisories@github.com"},{"url":"https://github.com/lsegal/yard/security/advisories/GHSA-pxcc-8665-phx8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49344","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:18.520","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` / `select` / `filters` / `traverse` / `output`), translates it into an Eloquent query, and returns results as JSON. The controller method `QueryController::execute()` does not enforce an authorization gate, unlike `store()` and `massDestroy()` in the same controller which are correctly protected. As a result, any authenticated account — including the read-only Auditor role — can query models beyond its intended scope, including the `User` model. Additionally, the `password` column, although declared `$hidden`, is not excluded from filter predicates, which allows it to be used in `LIKE` conditions. The `schema()` and `schemaModel()` endpoints of the same controller are similarly unguarded. The Query Engine is read-only; integrity and availability are not affected. Version 2025.05.19 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sourcentis","product":"mercator","versions":[{"version":"< 2025.05.19","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:11:00.912509Z","id":"CVE-2026-49344","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]}],"references":[{"url":"https://github.com/sourcentis/mercator/security/advisories/GHSA-q3r8-3h7c-96w3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49345","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T20:16:18.663","lastModified":"2026-06-23T15:59:21.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE configuration panel (`/admin/config/parameters`). The `testProvider()` method in `ConfigurationController` passes user-supplied input directly to `curl_init()` without validating the scheme, hostname, or destination IP address. An authenticated user with the `configure` permission can force the Mercator server to issue arbitrary outbound network requests. The suffix `/api/dbInfo` appended to the URL can be bypassed by injecting a `#` fragment character (e.g. `http://TARGET/PATH#`), allowing full control over the target URL. No scheme whitelist, host whitelist, or private/loopback IP block is applied. The `telnet://` scheme can be used for internal port scanning; the `gopher://` scheme enables interaction with unauthenticated internal services (Redis, Memcached), potentially leading to Remote Code Execution under specific deployment conditions. Version 2025.05.19 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sourcentis","product":"mercator","versions":[{"version":"< 2025.05.19","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:58:39.217300Z","id":"CVE-2026-49345","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/sourcentis/mercator/security/advisories/GHSA-6q97-4q5r-96j6","source":"security-advisories@github.com"},{"url":"https://github.com/sourcentis/mercator/security/advisories/GHSA-6q97-4q5r-96j6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42895","sourceIdentifier":"secure@microsoft.com","published":"2026-06-19T21:16:43.413","lastModified":"2026-06-26T21:40:08.740","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Copilot","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-42895","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:*","matchCriteriaId":"E4A390D9-7457-430A-82CC-A24DA275BF06"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42895","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45480","sourceIdentifier":"secure@microsoft.com","published":"2026-06-19T21:16:51.970","lastModified":"2026-06-24T15:23:37.257","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Azure Active Directory","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-45480","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:azure_active_directory:-:*:*:*:*:*:*:*","matchCriteriaId":"2CF5AE58-9819-45B6-BE7F-49B8F3CBE542"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45480","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47203","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T21:16:57.253","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth (i.e via the `Authorization` header with the `Basic` scheme) on the authz verification endpoint, Authelia takes the username directly from the `Authorization` header and passes it as is to the regulation system for ban checking and attempt recording. LDAP treats usernames case insensitively : `john`, `John`, and `JOHN` all bind as the same user. But the regulation SQL queries treat the lookup of these values in certain scenarios as case sensitive. This allows each variation of a usernames case to have its own ban bucket. Upgrade to 4.39.20 to receive a patch. As a workaround, explicitly disable the basic auth mechanism."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"authelia","product":"authelia","versions":[{"version":">= 4.38.0, < 4.39.20","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:29:23.539472Z","id":"CVE-2026-47203","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"},{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/authelia/authelia/commit/b8985b57b70acdff8f204ed426ff619e763461ad","source":"security-advisories@github.com"},{"url":"https://github.com/authelia/authelia/security/advisories/GHSA-hjj4-hfjm-fmrj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47645","sourceIdentifier":"secure@microsoft.com","published":"2026-06-19T21:16:58.720","lastModified":"2026-06-26T21:42:08.650","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Copilot","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-47645","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_copilot:-:*:*:*:*:*:*:*","matchCriteriaId":"E4A390D9-7457-430A-82CC-A24DA275BF06"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47645","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48129","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T21:16:59.413","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task `inputFiles` writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an `inputFiles` file name, a caller can use `../` path segments to create or overwrite files outside that task working directory on the worker filesystem. Versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43 patch the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"kestra-io","product":"kestra","versions":[{"version":"< 1.0.43","status":"affected"},{"version":">= 1.1.0, < 1.1.19","status":"affected"},{"version":">= 1.2.0, < 1.2.19","status":"affected"},{"version":">= 1.3.0, < 1.3.19","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:25:07.180951Z","id":"CVE-2026-48129","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/kestra-io/kestra/security/advisories/GHSA-q3fw-mvgv-pjr2","source":"security-advisories@github.com"},{"url":"https://github.com/kestra-io/kestra/security/advisories/GHSA-q3fw-mvgv-pjr2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48582","sourceIdentifier":"secure@microsoft.com","published":"2026-06-19T21:17:00.787","lastModified":"2026-06-24T15:24:56.943","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Exchange Online","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-48582","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_online:-:*:*:*:*:*:*:*","matchCriteriaId":"DA6C3728-2BB2-4BA9-BB20-D784F18AD402"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48582","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48794","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T21:17:01.293","lastModified":"2026-06-23T16:06:25.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may be skipped when it should match a request. The specific conditions that could lead to a security issue for vulnerability are: 1. The specific target resource of the attack must be using the forwarded authorization integration; 2. The requested domain must have two additional segments compared to a session domain i.e. `a.b.example.com` is requested, but the session domain is `example.com`; 3. There access control rules must specify two separate rules which both contain inexact domain matches such as `*.b.example.com` and `*.example.com` i.e. wildcards, username matches, group matches; 4. The rules must be in order of most specific domain to least specific domain; 5. The second rule must be more permissive than the first rule; 6. The attacker must specifically request a URL for the more specific domain, with the second part containing one or more capitalized letters i.e. `https://a.B.example.com` and no other segment with capitalized letters; 7. The integration used must not be the Envoy ExtAuthz integration; and 8. The proxy must not canonicalize the requested host name in the relevant header before sending it to the relevant authorization endpoint. The kind of configuration used to produce this issue and result in a `bypass` rule being matched has long been highly discouraged. Essentially hosts which should be bypassed entirely should not be secured by having the proxy check them with the authorization handlers. Upgrade to 4.39.20 to receive a patch."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"authelia","product":"authelia","versions":[{"version":">= 4.36.0, < 4.39.20","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:50:40.388594Z","id":"CVE-2026-48794","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/authelia/authelia/commit/b6d1d60baa02f216fdb19f5dfeaf2e805829508a","source":"security-advisories@github.com"},{"url":"https://github.com/authelia/authelia/security/advisories/GHSA-j748-h363-wqj8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49295","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T21:17:01.590","lastModified":"2026-06-26T19:17:19.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate bound check on predicted short-term reference picture set entries. Individual list sizes are validated, but the combined count after predicted RPS construction can exceed the 16-entry `PocStFoll` array, writing at index 16. Version 1.0.20 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"strukturag","product":"libde265","versions":[{"version":"< 1.0.20","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:18:41.430511Z","id":"CVE-2026-49295","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:struktur:libde265:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.20","matchCriteriaId":"DFAFB5DC-69ED-439B-8046-9F12CA49D5AE"}]}]}],"references":[{"url":"https://github.com/strukturag/libde265/commit/691f3a3c55b3d32478c4a49895dee061a282652b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/strukturag/libde265/security/advisories/GHSA-g2rg-wj66-w594","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/strukturag/libde265/security/advisories/GHSA-g2rg-wj66-w594","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49337","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T21:17:01.720","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object\nthat has no active image unit, resulting in attacker-controlled unbounded heap growth. The retained headers are never freed until the picture is released, which may not happen during continuous streaming. Version 1.0.20 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"strukturag","product":"libde265","versions":[{"version":"< 1.0.20","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:59:34.760551Z","id":"CVE-2026-49337","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/strukturag/libde265/commit/683cb9fa603e35840642f98765ab95cdb71cadf9","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libde265/security/advisories/GHSA-g5hj-rf9f-7vxm","source":"security-advisories@github.com"},{"url":"https://github.com/strukturag/libde265/security/advisories/GHSA-g5hj-rf9f-7vxm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49346","sourceIdentifier":"security-advisories@github.com","published":"2026-06-19T21:17:01.847","lastModified":"2026-06-26T19:17:38.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent `fill_image()` call computes the real size using `size_t`, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"strukturag","product":"libde265","versions":[{"version":"< 1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:04:49.752955Z","id":"CVE-2026-49346","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:struktur:libde265:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.0","matchCriteriaId":"B8290F95-BF35-4C0A-A314-D8B0CBB5760E"}]}]}],"references":[{"url":"https://github.com/strukturag/libde265/commit/8a1b5cf212f78e1c77cb46eb5d56e492a9336eb8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/strukturag/libde265/security/advisories/GHSA-vv8h-932h-7r86","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/strukturag/libde265/security/advisories/GHSA-vv8h-932h-7r86","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56073","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T22:16:17.623","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely mark verification successful, enabling unauthorized 2FA enablement and account takeover."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:27:50.367413Z","id":"CVE-2026-56073","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-x2gq-85v8-j9v4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-otp-bypass-via-response-manipulation-in-email-verification","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-x2gq-85v8-j9v4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56079","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T22:16:17.760","lastModified":"2026-06-22T19:17:22.317","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhook_deliveries endpoints to exfiltrate HMAC signing secrets and delivery payloads, enabling forged webhook events against victim organizations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:44:53.103003Z","id":"CVE-2026-56079","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-hj3h-v877-g5rx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-tenant-authorization-bypass-via-postgrest-webhook-access","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-hj3h-v877-g5rx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56080","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T22:16:17.887","lastModified":"2026-06-24T19:17:13.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as non-compliant and repeatedly forces password-reset prompts, permanently locking the Super Admin out of organization access (organization lockout / denial of service) despite valid authentication."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T17:50:30.610648Z","id":"CVE-2026-56080","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-78rv-3cqj-36xq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-authentication-logic-flaw-in-enforce-password-policy","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-78rv-3cqj-36xq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56081","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T22:16:18.017","lastModified":"2026-06-22T19:17:22.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account, the attacker gains control over the account claimed under the victim's identity, allowing them to read and modify its state and enforce organization-level policies, while the legitimate user is denied access to the account tied to their own email."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:48:44.967855Z","id":"CVE-2026-56081","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-j4cx-5pw6-5v5j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-account-lockout-via-2fa-misconfiguration-on-unverified-email","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-j4cx-5pw6-5v5j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56082","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-19T22:16:18.143","lastModified":"2026-06-22T20:17:59.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and callable with only the public Supabase publishable (sb_publishable_*) anon key. An unauthenticated attacker can insert rows into public.build_logs for arbitrary organizations and, because the function uses ON CONFLICT (build_id, org_id) DO UPDATE, can overwrite existing usage/billing records by reusing the same build_id for a target org. This enables cross-tenant tampering of billing build logs and financial-impact denial of service by inflating billable build time."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:02:30.431148Z","id":"CVE-2026-56082","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-42xj-3h9w-26h5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/supabase-unauthenticated-cross-tenant-billing-log-tampering-via-public-record-build-time-rpc","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-11551","sourceIdentifier":"security@wordfence.com","published":"2026-06-20T00:16:15.580","lastModified":"2026-06-23T03:16:40.677","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpmudev","product":"Branda – White Label & Branding, Free Login Page Customizer","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.4.29","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:27:43.872261Z","id":"CVE-2026-11551","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.29/inc/modules/login-screen/signup-password.php#L232","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3568291/branda-white-labeling/trunk/inc/modules/login-screen/signup-password.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/56f13af3-71b6-42d4-9fda-a75778f32091?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-56212","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T01:16:16.453","lastModified":"2026-06-23T03:16:42.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable mandatory two-factor authentication for all team members without first enabling 2FA on their own account. The application fails to verify the initiator's 2FA status before allowing the policy change, resulting in inconsistent security enforcement, potential administrative misuse, and lockout risk for team members."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:28:40.182702Z","id":"CVE-2026-56212","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-w2cr-vcwj-69x2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-improper-2fa-enforcement-logic-via-team-security-settings","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56213","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T01:16:16.583","lastModified":"2026-06-22T20:17:59.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into version_meta for any app_id. Attackers can exploit this by calling the RPC endpoint with a public anon key to poison storage metrics, causing persistent false data in dashboards and triggering incorrect alerts across victim applications."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:22:13.228614Z","id":"CVE-2026-56213","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-g4hx-x8gc-x6rw","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-cross-tenant-metrics-poisoning-via-upsert-version-meta-rpc","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56214","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T01:16:16.710","lastModified":"2026-06-22T19:17:25.003","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sb_publishable key. Attackers can invoke these endpoints to determine organization existence via distinguishable return values and identify paying customers for targeted profiling."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:45:29.985089Z","id":"CVE-2026-56214","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-mh5p-rrhp-442q","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-enumeration-and-billing-status-disclosure-via-supabase-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-mh5p-rrhp-442q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56215","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T01:16:16.840","lastModified":"2026-06-24T19:17:13.210","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoint to merge the victim's SSO identity into the attacker-controlled account."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.12","versionType":"semver","status":"affected"},{"version":"12.128.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:08:07.049529Z","id":"CVE-2026-56215","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-wqc6-fhwf-qpww","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-account-merge-via-poisoned-public-users-email-in-sso-provisioning","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-wqc6-fhwf-qpww","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56216","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T01:16:16.970","lastModified":"2026-06-22T19:17:25.680","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint unrestricted keys by setting empty limits. Attackers with a compromised app-limited key can create an unrestricted key with org-wide access to resources like app listings and other protected endpoints."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:47:44.808436Z","id":"CVE-2026-56216","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2ff8-7h96-hwfp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-scope-escalation-via-api-key-creation-in-functions-v1-apikey","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2ff8-7h96-hwfp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9265","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-20T02:16:26.020","lastModified":"2026-06-22T18:45:41.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.\n\nprint_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"JONASBN","product":"Crypt::OpenSSL::PKCS12","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Crypt-OpenSSL-PKCS12","programFiles":["PKCS12.xs"],"programRoutines":[{"name":"Crypt::OpenSSL::PKCS12::info"},{"name":"Crypt::OpenSSL::PKCS12::info_as_hash"}],"repo":"https://github.com/dsully/perl-crypt-openssl-pkcs12","versions":[{"version":"0","lessThan":"1.96","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:35:55.865999Z","id":"CVE-2026-9265","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.96/source/Changes.md","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-9843","sourceIdentifier":"security@wordfence.com","published":"2026-06-20T02:16:26.910","lastModified":"2026-06-22T16:43:14.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the view_page function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Successful exploitation requires an administrator to view or edit the poisoned form entry, at which point PHP's bracket parser reshapes the attacker-crafted JSON key to bypass the stored-path isset check and trigger deletion of the traversal-specified file."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"crmperks","product":"Database for Contact Form 7, WPforms, Elementor forms","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T14:06:09.924845Z","id":"CVE-2026-9843","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.5.1/contact-form-entries.php#L435","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.5.1/contact-form-entries.php#L747","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.5.1/includes/data.php#L539","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.5.1/includes/plugin-pages.php#L1197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/contact-form-entries/tags/1.5.1/templates/view.php#L559","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3578556/contact-form-entries","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4169b390-0972-4aa9-ae04-f5f67afe15ef?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11911","sourceIdentifier":"security@wordfence.com","published":"2026-06-20T09:16:13.910","lastModified":"2026-06-22T19:16:39.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The simplefilelist_edit_job AJAX action is registered via wp_ajax_nopriv_, making it accessible without authentication, and the is_admin() guard that would otherwise restrict access is bypassed because is_admin() always returns true for requests to the admin-ajax.php endpoint."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"eemitch","product":"Simple File List","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.3.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:51:12.207576Z","id":"CVE-2026-11911","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-functions.php#L1281","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-functions.php#L894","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-list-display.php#L473","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/simple-file-list.php#L262","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3579098%40simple-file-list&new=3579098%40simple-file-list&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/748c4ca8-fcbf-43e5-ab70-721e83253663?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11912","sourceIdentifier":"security@wordfence.com","published":"2026-06-20T09:16:15.460","lastModified":"2026-06-22T16:43:14.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is exploitable even when the administrator has not enabled the AllowFrontManage setting, because the is_admin() check unconditionally short-circuits the guard before that setting is evaluated."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"eemitch","product":"Simple File List","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.3.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:45:45.838239Z","id":"CVE-2026-11912","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-functions.php#L1265","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-functions.php#L1586","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-functions.php#L880","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-list-display.php#L473","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/simple-file-list.php#L262","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3579098%40simple-file-list&new=3579098%40simple-file-list&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/509a40d2-a33a-49ba-b858-fa8805127a1b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12119","sourceIdentifier":"security@wordfence.com","published":"2026-06-20T09:16:15.593","lastModified":"2026-06-22T19:16:41.043","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and above, to perform arbitrary file operations including deletion, move, folder creation, and download. An attacker can create a draft post containing the 'eeSFL' shortcode, render it via the post preview endpoint to harvest the nonce needed to authorize the operations, and then submit file operation requests that bypass the intended authorization checks in includes/ee-list-ops-bar-process.php."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"eemitch","product":"Simple File List","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.3.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:46:51.269668Z","id":"CVE-2026-12119","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-front-end.php#L140","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-list-display.php#L341","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-list-ops-bar-display.php#L25","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-file-list/tags/6.3.6/includes/ee-list-ops-bar-process.php#L50","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3579098%40simple-file-list&new=3579098%40simple-file-list&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ed51a3-c049-4816-ada1-49f7edcb9a6f?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-48909","sourceIdentifier":"security@joomla.org","published":"2026-06-20T13:16:42.317","lastModified":"2026-06-22T20:21:28.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomshaper.net","product":"SP LMS extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0.0-4.1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.5,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:44:42.382324Z","id":"CVE-2026-48909","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://www.joomshaper.com/","source":"security@joomla.org"}]}},{"cve":{"id":"CVE-2019-25763","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T14:16:17.783","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Ultimatebeaver","product":"Ultimate Addons for Beaver Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2.4.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:43:53.244163Z","id":"CVE-2019-25763","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://www.exploit-db.com/exploits/47832","source":"disclosure@vulncheck.com"},{"url":"https://www.ultimatebeaver.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/wordpress-ultimate-addons-for-beaver-builder-authentication-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2020-37255","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T14:16:18.790","lastModified":"2026-06-23T04:17:18.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Wptimecapsule","product":"Time Capsule Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.21.16","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:29:14.249213Z","id":"CVE-2020-37255","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://wptimecapsule.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/47941","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/wordpress-time-capsule-plugin-authentication-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2022-50972","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T14:16:18.960","lastModified":"2026-06-22T18:40:05.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type values to write malicious PHP files to the web root."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"WooCommerce","product":"WooCommerce","defaultStatus":"unaffected","versions":[{"version":"7.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:45:23.607677Z","id":"CVE-2022-50972","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://wordpress.org/plugins/woocommerce","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/51156","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/woocommerce-remote-code-execution-via-class-wc-meta-box-product-images-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-12673","sourceIdentifier":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","published":"2026-06-20T14:16:19.147","lastModified":"2026-06-22T20:44:48.597","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary (non-default) group."}],"affected":[{"source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","affectedData":[{"vendor":"liquidfiles","product":"liquidfiles","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.2.12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:29:11.606999Z","id":"CVE-2026-12673","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://docs.liquidfiles.com/release_notes/version_4-2-x.html","source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a"},{"url":"https://projectblack.io/blog/liquidfiles-privilege-escalation/","source":"ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a"}]}},{"cve":{"id":"CVE-2024-58351","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:03.973","lastModified":"2026-06-22T19:16:36.450","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relies on vm2 for sandboxing, an attacker can abuse it to achieve remote code execution and sandbox escape, denial of service by crashing the server, server-side request forgery, prompt injection, and server variable and data exfiltration. These issues are self-targeted and do not persist to other users."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"2.1.4","versionType":"semver","status":"affected"},{"version":"2.1.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:51:38.603201Z","id":"CVE-2024-58351","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5cph-wvm9-45gj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/flowise-remote-code-execution-via-overrideconfig-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71331","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:04.137","lastModified":"2026-06-23T17:53:02.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <iframe src=\"javascript:alert(document.cookie)\">) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected script executes in the victim's browser, enabling theft of cookies and session data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.0.8","versionType":"semver","status":"affected"},{"version":"3.0.8","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:50:59.326536Z","id":"CVE-2025-71331","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.8","matchCriteriaId":"EAD12981-C719-4090-884B-9C8F848B80D8"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-4fr9-3x69-36wv","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-cross-site-scripting-in-chat-messages-and-agent-workflows","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-4fr9-3x69-36wv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56218","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:04.287","lastModified":"2026-06-23T04:17:41.727","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:30:44.601316Z","id":"CVE-2026-56218","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-c5w9-886p-9j2x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-exif-metadata-exposure-via-image-upload","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-c5w9-886p-9j2x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56227","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:04.417","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these addresses with error responses disclosed to users."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:44:56.936882Z","id":"CVE-2026-56227","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-48hc-53hv-6x3f","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-server-side-request-forgery-via-webhook-url-validation","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-48hc-53hv-6x3f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56228","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:04.543","lastModified":"2026-06-23T15:16:38.110","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value (e.g., billions of characters) as the minimum password length, making compliance impossible for all organization members. Once the policy is enabled, users (including administrators) are unable to change their passwords or access the organization, resulting in an organization-wide account lockout and application-level denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:59:40.297209Z","id":"CVE-2026-56228","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vhjp-62qf-33mx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-denial-of-service-via-improper-password-policy-length-validation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56235","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:04.677","lastModified":"2026-06-24T19:17:13.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public Supabase API key (sb_publishable_*) can query arbitrary org_id values to disclose cross-tenant usage telemetry (MAU, bandwidth, installs, gets), enumerate app IDs for a target org, and determine org existence via an oracle (valid org returns metrics, invalid returns [])."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:01:29.294129Z","id":"CVE-2026-56235","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-gfpq-vphf-6gcm","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-cross-tenant-metrics-disclosure-via-rpc-functions","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-gfpq-vphf-6gcm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56267","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:04.813","lastModified":"2026-06-22T19:17:26.943","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs, names, account status, and timestamps by sending requests with known email addresses."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.0.13","versionType":"semver","status":"affected"},{"version":"3.0.13","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:27:10.202650Z","id":"CVE-2026-56267","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jc5m-wrp2-qq38","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/flowise-pii-disclosure-via-unauthenticated-forgot-password-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jc5m-wrp2-qq38","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56276","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:04.940","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password hash, establishing persistent account access after temporary session compromise."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.1.2","versionType":"semver","status":"affected"},{"version":"3.1.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:49:32.938401Z","id":"CVE-2026-56276","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-59fh-9f3p-7m39","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/flowise-mass-assignment-in-put-api-v1-user-allows-password-hash-override","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-59fh-9f3p-7m39","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56282","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.057","lastModified":"2026-06-23T04:17:43.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /replication endpoint that exposes internal PostgreSQL replication telemetry including slot names and WAL LSN positions. Attackers can access this endpoint without authentication to retrieve sensitive infrastructure details such as replication slot names, confirmed_flush_lsn, restart_lsn values, and database error messages for reconnaissance purposes."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:32:29.269636Z","id":"CVE-2026-56282","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q6gm-xfwr-44f5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-information-disclosure-via-unauthenticated-replication-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q6gm-xfwr-44f5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56294","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.187","lastModified":"2026-06-22T21:14:21.077","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded() function using dynamic instrumentation to bypass biometric authentication without valid credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"capacitor-native-biometric","product":"capacitor-native-biometric","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo/capacitor-native-biometric","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:44:05.836072Z","id":"CVE-2026-56294","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vx5f-vmr6-32wf","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capacitor-native-biometric-authentication-bypass-via-unvalidated-cryptoobject-in-onauthenticationsucceeded","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vx5f-vmr6-32wf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56295","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.330","lastModified":"2026-06-22T19:17:27.577","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require_apikey_expiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with legacy non-expiring keys to list, create, and delete webhooks despite explicit organizational policy requiring key expiration."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:53:19.821928Z","id":"CVE-2026-56295","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vwpp-cqv5-cmfm","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-policy-enforcement-bypass-in-webhook-management-endpoints-via-non-expiring-api-keys","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vwpp-cqv5-cmfm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56304","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.463","lastModified":"2026-06-24T19:17:13.550","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"1.0.1","versionType":"semver","status":"affected"},{"version":"1.0.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T17:58:36.424315Z","id":"CVE-2026-56304","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1","matchCriteriaId":"8F65EDFF-7FD0-49A8-9B9F-3D72E931CE82"}]}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-file-creation-via-logging-filehandler-deserialization","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56307","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.597","lastModified":"2026-06-22T19:17:28.197","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.read_devices access can exploit non-advancing cursor filters to trigger infinite pagination loops, prevent dataset traversal, and cause repeated processing in device-management workflows."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.12","versionType":"semver","status":"affected"},{"version":"12.128.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:26:18.732131Z","id":"CVE-2026-56307","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-670"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-8p6w-x7jg-v4xq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-broken-cursor-pagination-in-private-devices-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-8p6w-x7jg-v4xq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56317","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.733","lastModified":"2026-06-24T19:17:13.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which execute in the document context when the noscript tag is implicitly closed by script tags."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"4.0.0","lessThan":"4.4.7","versionType":"semver","status":"affected"},{"version":"4.4.7","versionType":"semver","status":"unaffected"}]},{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"0","lessThan":"3.21.7","versionType":"semver","status":"affected"},{"version":"3.21.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T17:52:47.230996Z","id":"CVE-2026-56317","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionEndExcluding":"3.21.7","matchCriteriaId":"1381DFAD-B5B1-41F3-B1A7-5C7FA350BF69"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.4.7","matchCriteriaId":"5593E9B8-6F06-4319-B88F-10AA250EA551"}]}]}],"references":[{"url":"https://github.com/nuxt/nuxt/commit/4b054e9d95f8daf366cb144b52782047c511a66e","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/commit/7fea9fd687f1dacbfb63db5fae5839896b017a0e","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/security/advisories/GHSA-m3q2-p4fw-w38m","source":"disclosure@vulncheck.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/nuxt-cross-site-scripting-via-noscript-component-slot-content","source":"disclosure@vulncheck.com","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56319","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.863","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by observing 500 PGRST116 errors for inaccessible apps versus 401 errors for nonexistent apps, breaking tenant isolation."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:46:54.315061Z","id":"CVE-2026-56319","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-73p9-mprg-7r75","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-app-existence-oracle-via-get-statistics-app-app-id","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-73p9-mprg-7r75","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56325","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:05.997","lastModified":"2026-06-22T19:17:28.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscore characters in app_id to act as SQL wildcards. Attackers can create apps with app_ids differing by one character at underscore positions to cause unintended pattern matches, breaking preview functionality for legitimate apps or causing app-id confusion."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:27:59.953355Z","id":"CVE-2026-56325","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-cw88-ch2j-8vqj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-app-id-confusion-via-ilike-wildcard-in-preview-subdomain-lookup","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-cw88-ch2j-8vqj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56330","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:06.130","lastModified":"2026-06-23T04:17:43.597","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and credential harvesting."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:35:30.382923Z","id":"CVE-2026-56330","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-grc7-98pf-h8hq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-open-redirect-via-unvalidated-stripe-billing-urls","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-grc7-98pf-h8hq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56332","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T16:17:06.257","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmation_url parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting attacks."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:githubactions/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:42:57.420302Z","id":"CVE-2026-56332","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-24q8-ghqq-m8cj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-open-redirect-via-confirmation-url-parameter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-24q8-ghqq-m8cj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71379","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T19:16:23.410","lastModified":"2026-06-26T20:25:13.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker submitting crafted input with nested or repeated structures can trigger severe CPU consumption and performance degradation, resulting in denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"vllm","product":"vllm","defaultStatus":"unaffected","packageURL":"pkg:pypi/vllm","versions":[{"version":"0.6.3","lessThan":"0.9.0","versionType":"semver","status":"affected"},{"version":"0.9.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:54:20.295719Z","id":"CVE-2025-71379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.6.3","versionEndExcluding":"0.9.0","matchCriteriaId":"98236AEA-BBE9-4E78-A1CB-95E445D3ABE7"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-j828-28rj-hfhp","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/vllm-regular-expression-denial-of-service-in-multiple-components","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56341","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T19:16:23.700","lastModified":"2026-06-22T19:17:29.433","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including agreement IDs, user financial records, and API responses via direct GET requests to vulnerable endpoints."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"AVideo","product":"AVideo","defaultStatus":"unaffected","packageURL":"pkg:composer/wwbn/avideo","versions":[{"version":"0","lessThanOrEqual":"26.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:23:56.588387Z","id":"CVE-2026-56341","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wprj-9cvc-5w37","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avideo-unauthenticated-access-to-payment-log-datatables-endpoints-via-list-json-php","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wprj-9cvc-5w37","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56342","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T19:16:23.850","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL() validation and accepts requests to private IP ranges and cloud metadata endpoints. Attackers can exploit this by crafting requests to internal services, cloud metadata endpoints like 169.254.169.254, and localhost to retrieve sensitive information including IAM credentials, internal service responses, and network configuration details."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"AVideo","product":"AVideo","defaultStatus":"unaffected","packageURL":"pkg:composer/wwbn/avideo","versions":[{"version":"0","lessThanOrEqual":"27.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:45:19.761850Z","id":"CVE-2026-56342","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wxjx-r2j2-96fx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avideo-server-side-request-forgery-in-live-test-php-via-statsurl-parameter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-wxjx-r2j2-96fx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56345","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T19:16:23.983","lastModified":"2026-06-23T04:17:43.760","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload with a filename containing an arbitrary users_id to invoke passwordless User->login() and establish an authenticated session as any user including admin. Attackers can obtain the Meet shared secret through path-traversal vulnerabilities or timing attacks against checkToken.json.php, then POST a crafted file to uploadRecordedVideo.json.php with a filename like '1-anything.mp4' to hijack admin sessions and gain full account takeover."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"AVideo","product":"AVideo","defaultStatus":"unaffected","packageURL":"pkg:composer/wwbn/avideo","versions":[{"version":"0","lessThanOrEqual":"29.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:38:20.160424Z","id":"CVE-2026-56345","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-qxvm-r42f-5p8j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avideo-arbitrary-user-session-hijacking-via-meet-plugin-uploadrecordedvideo-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56347","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T19:16:24.267","lastModified":"2026-06-22T19:17:30.043","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site visitors, potentially stealing session cookies or performing unauthorized actions."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"WWBN","product":"AVideo","defaultStatus":"unaffected","packageURL":"pkg:composer/wwbn/avideo","versions":[{"version":"0","lessThanOrEqual":"26.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:54:45.597733Z","id":"CVE-2026-56347","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gmpc-fxg2-vcmq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avideo-topmenu-plugin-stored-cross-site-scripting-via-unescaped-menu-item-fields","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gmpc-fxg2-vcmq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56355","sourceIdentifier":"cve@mitre.org","published":"2026-06-20T21:16:54.293","lastModified":"2026-06-22T20:43:11.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"GNU","product":"Savane","defaultStatus":"unaffected","versions":[{"version":"3.14","lessThanOrEqual":"3.17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:21:08.779367Z","id":"CVE-2026-56355","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-696"}]}],"references":[{"url":"https://cgit.git.savannah.gnu.org/cgit/administration/savane.git/tree/frontend/php/file.php?h=release-3.17#n113","source":"cve@mitre.org"},{"url":"https://cgit.git.savannah.gnu.org/cgit/administration/savane.git/tree/frontend/php/file.php?h=release-3.17#n123","source":"cve@mitre.org"},{"url":"https://news.ycombinator.com/item?id=48605220","source":"cve@mitre.org"},{"url":"https://www.fsf.org/news/statement-regarding-gnu-savannah-security-reports","source":"cve@mitre.org"},{"url":"https://www.hacktron.ai","source":"cve@mitre.org"},{"url":"https://www.mallory.ai/stories/019ee445-bdd4-7775-93b5-a8faaf5c2eb7","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-12770","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T01:16:22.847","lastModified":"2026-06-24T20:37:26.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["Admin Key Handler"],"versions":[{"version":"1.63.0","status":"affected"},{"version":"1.63.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:55:24.067237Z","id":"CVE-2026-12770","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.63.2","matchCriteriaId":"92ABAFD7-2BD0-4F8A-B504-EEA4F7674FF8"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/BerriAI/litellm/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/BerriAI/litellm/pull/23781","source":"cna@vuldb.com","tags":["Issue Tracking","Patch"]},{"url":"https://vuldb.com/cve/CVE-2026-12770","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811279","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry","Exploit"]},{"url":"https://vuldb.com/vuln/372512","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372512/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12771","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T02:16:41.073","lastModified":"2026-06-24T20:31:58.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["M2M JWT Handler"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:P/I:P/A:P","baseScore":4.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:32:58.469818Z","id":"CVE-2026-12771","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.82.3","matchCriteriaId":"210D7C6E-46D4-45C1-8EC1-0294D1B0FA89"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/70e4e106527f74ddf17953ff0f6c248d","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12771","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811280","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372513","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372513/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12772","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T03:16:22.960","lastModified":"2026-06-24T20:28:58.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["PROXY_ADMIN database API Key Generator"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:20:15.086018Z","id":"CVE-2026-12772","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.82.3","matchCriteriaId":"210D7C6E-46D4-45C1-8EC1-0294D1B0FA89"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/39ed709ce322431658a05b951e91f278","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12772","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811281","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372514","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372514/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12774","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T04:16:31.717","lastModified":"2026-06-24T20:24:17.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["MCP Server Connection Testing"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:57:26.092177Z","id":"CVE-2026-12774","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndIncluding":"1.82.2","matchCriteriaId":"2D697723-9909-4732-A558-9A8F30BBB812"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12774","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811285","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372516","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372516/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12775","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T06:16:21.930","lastModified":"2026-06-23T04:17:26.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Montodel","product":"House-Rental-Management","cpes":["cpe:2.3:a:montodel:house-rental-management:*:*:*:*:*:*:*:*"],"versions":[{"version":"90010017b81265eb1ef3810268909f7719a33863","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:40:03.298808Z","id":"CVE-2026-12775","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/yihaofuweng/cve/issues/67","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12775","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835036","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372517","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372517/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12776","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T06:16:22.417","lastModified":"2026-06-22T19:16:46.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Montodel","product":"House-Rental-Management","cpes":["cpe:2.3:a:montodel:house-rental-management:*:*:*:*:*:*:*:*"],"versions":[{"version":"90010017b81265eb1ef3810268909f7719a33863","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:05:00.503564Z","id":"CVE-2026-12776","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/yihaofuweng/cve/issues/68","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12776","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835037","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372518","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372518/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12778","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T06:16:22.637","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AOMEI","product":"Partition Assistant","cpes":["cpe:2.3:a:aomei:partition_assistant:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"10.10.0","status":"affected"},{"version":"10.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:33:32.271119Z","id":"CVE-2026-12778","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12778","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835607","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372519","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372519/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/aomei-partition-assistant-10101-kernel-driver-ampa10sys-local-privilege-escalation","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12779","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T06:16:22.807","lastModified":"2026-06-22T19:16:46.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AOMEI","product":"Dynamic Disk Manager","cpes":["cpe:2.3:a:aomei:dynamic_disk_manager:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"10.10.0","status":"affected"},{"version":"10.10.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:19:41.625705Z","id":"CVE-2026-12779","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12779","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835608","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372520","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372520/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/aomei-dynamic-disk-manager-10101-kernel-driver-ddmdrvsys-local-privilege-escalation","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12780","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T06:16:22.957","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"AOMEI","product":"Backupper","cpes":["cpe:2.3:a:aomei:backupper:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"8.0","status":"affected"},{"version":"8.1","status":"affected"},{"version":"8.2","status":"affected"},{"version":"8.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:12:11.602552Z","id":"CVE-2026-12780","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12780","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835609","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372521","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372521/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/aomei-backupper-830-kernel-driver-amwrtdrvsys-local-privilege-escalation","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12781","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T08:16:21.907","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor explains: \"We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists.\""}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"EaseUS","product":"Partition Master","cpes":["cpe:2.3:a:easeus:partition_master:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"14.0","status":"affected"},{"version":"14.1","status":"affected"},{"version":"14.2","status":"affected"},{"version":"14.3","status":"affected"},{"version":"14.4","status":"affected"},{"version":"14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:56:48.314457Z","id":"CVE-2026-12781","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12781","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835611","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372522","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372522/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/easeus-partition-master-145-kernel-driver-epmntdrvsys-local-privilege-escalation","source":"cna@vuldb.com"},{"url":"https://www.easeus.com/partition-manager/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12782","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T08:16:23.280","lastModified":"2026-06-23T04:17:33.243","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The affected component should be upgraded. The vendor explains: \"We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists.\""}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"EaseUS","product":"Partition Master","cpes":["cpe:2.3:a:easeus:partition_master:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"14.0","status":"affected"},{"version":"14.1","status":"affected"},{"version":"14.2","status":"affected"},{"version":"14.3","status":"affected"},{"version":"14.4","status":"affected"},{"version":"14.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:43:56.232731Z","id":"CVE-2026-12782","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12782","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835612","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372523","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372523/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/easeus-partition-master-145-kernel-driver-euedkepmsys-local-privilege-escalation","source":"cna@vuldb.com"},{"url":"https://www.easeus.com/partition-manager/","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12784","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T08:16:23.443","lastModified":"2026-06-22T19:16:47.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"IM-Magic","product":"Partition Resizer","cpes":["cpe:2.3:a:im-magic:partition_resizer:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"7.0","status":"affected"},{"version":"7.1","status":"affected"},{"version":"7.2","status":"affected"},{"version":"7.3","status":"affected"},{"version":"7.4","status":"affected"},{"version":"7.5","status":"affected"},{"version":"7.6","status":"affected"},{"version":"7.7","status":"affected"},{"version":"7.8","status":"affected"},{"version":"7.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:06:49.836208Z","id":"CVE-2026-12784","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12784","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835613","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372524","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372524/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/im-magic-partition-resizer-790-kernel-driver-mda-ntdrvsys-local-privilege-escalation","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12786","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T09:16:25.130","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Ezbsystems","product":"UltraISO Premium Edition","cpes":["cpe:2.3:a:ezbsystems:ultraiso_premium_edition:*:*:*:*:*:*:*:*"],"modules":["Kernel Driver"],"versions":[{"version":"9.0","status":"affected"},{"version":"9.1","status":"affected"},{"version":"9.2","status":"affected"},{"version":"9.3","status":"affected"},{"version":"9.4","status":"affected"},{"version":"9.5","status":"affected"},{"version":"9.6","status":"affected"},{"version":"9.7","status":"affected"},{"version":"9.8","status":"affected"},{"version":"9.9","status":"affected"},{"version":"9.10","status":"affected"},{"version":"9.11","status":"affected"},{"version":"9.12","status":"affected"},{"version":"9.13","status":"affected"},{"version":"9.14","status":"affected"},{"version":"9.15","status":"affected"},{"version":"9.16","status":"affected"},{"version":"9.17","status":"affected"},{"version":"9.18","status":"affected"},{"version":"9.19","status":"affected"},{"version":"9.20","status":"affected"},{"version":"9.21","status":"affected"},{"version":"9.22","status":"affected"},{"version":"9.23","status":"affected"},{"version":"9.24","status":"affected"},{"version":"9.25","status":"affected"},{"version":"9.26","status":"affected"},{"version":"9.27","status":"affected"},{"version":"9.28","status":"affected"},{"version":"9.29","status":"affected"},{"version":"9.30","status":"affected"},{"version":"9.31","status":"affected"},{"version":"9.32","status":"affected"},{"version":"9.33","status":"affected"},{"version":"9.34","status":"affected"},{"version":"9.35","status":"affected"},{"version":"9.36","status":"affected"},{"version":"9.37","status":"affected"},{"version":"9.38","status":"affected"},{"version":"9.39","status":"affected"},{"version":"9.40","status":"affected"},{"version":"9.41","status":"affected"},{"version":"9.42","status":"affected"},{"version":"9.43","status":"affected"},{"version":"9.44","status":"affected"},{"version":"9.45","status":"affected"},{"version":"9.46","status":"affected"},{"version":"9.47","status":"affected"},{"version":"9.48","status":"affected"},{"version":"9.49","status":"affected"},{"version":"9.50","status":"affected"},{"version":"9.51","status":"affected"},{"version":"9.52","status":"affected"},{"version":"9.53","status":"affected"},{"version":"9.54","status":"affected"},{"version":"9.55","status":"affected"},{"version":"9.56","status":"affected"},{"version":"9.57","status":"affected"},{"version":"9.58","status":"affected"},{"version":"9.59","status":"affected"},{"version":"9.60","status":"affected"},{"version":"9.61","status":"affected"},{"version":"9.62","status":"affected"},{"version":"9.63","status":"affected"},{"version":"9.64","status":"affected"},{"version":"9.65","status":"affected"},{"version":"9.66","status":"affected"},{"version":"9.67","status":"affected"},{"version":"9.68","status":"affected"},{"version":"9.69","status":"affected"},{"version":"9.70","status":"affected"},{"version":"9.71","status":"affected"},{"version":"9.72","status":"affected"},{"version":"9.73","status":"affected"},{"version":"9.74","status":"affected"},{"version":"9.75","status":"affected"},{"version":"9.76","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:C/I:C/A:C","baseScore":6.8,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:36:48.924481Z","id":"CVE-2026-12786","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12786","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835614","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372528","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372528/cti","source":"cna@vuldb.com"},{"url":"https://winslow1984.com/books/cve-collection/page/ultraiso-premium-976-kernel-driver-bootpt64sys-local-privilege-escalation","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12787","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T09:16:25.320","lastModified":"2026-06-22T19:16:48.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhilink 智互联(深圳)科技有限公司","product":"ADP Application Developer Platform 应用开发者平台","cpes":["cpe:2.3:a:zhilink_:adp_application_developer_platform_:*:*:*:*:*:*:*:*"],"modules":["testConnection Endpoint"],"versions":[{"version":"1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:18:30.484630Z","id":"CVE-2026-12787","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://ucn9h68n9289.feishu.cn/docx/I8uZdkZL3oSqBnxkwTAcfDvknUh?from=from_copylink","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12787","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835654","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372529","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372529/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12788","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T09:16:25.500","lastModified":"2026-06-22T19:16:48.677","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zhilink 智互联(深圳)科技有限公司","product":"ADP Application Developer Platform 应用开发者平台","cpes":["cpe:2.3:a:zhilink_:adp_application_developer_platform_:*:*:*:*:*:*:*:*"],"modules":["XML Parser"],"versions":[{"version":"1.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:54:42.407340Z","id":"CVE-2026-12788","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-610"},{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://ucn9h68n9289.feishu.cn/docx/LeLOdhV6mo3clzxstxXcpFzbnjg?from=from_copylink","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12788","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/835655","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372530","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372530/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12789","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T09:16:25.680","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument troup_table_nav leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"ILIAS","product":"Learning Management System","cpes":["cpe:2.3:a:ilias:learning_management_system:*:*:*:*:*:*:*:*"],"modules":["Learning Progress Tracking"],"versions":[{"version":"11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:55:26.018354Z","id":"CVE-2026-12789","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12789","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836104","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372531","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372531/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836104","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12795","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T09:16:25.887","lastModified":"2026-06-24T20:15:08.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["SSO Debug Flow"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:44:53.768634Z","id":"CVE-2026-12795","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndIncluding":"1.82.2","matchCriteriaId":"2D697723-9909-4732-A558-9A8F30BBB812"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/9b13c75a3a73187a4082cc6df0b100d3","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12795","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811286","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372557","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372557/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12796","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T10:16:15.220","lastModified":"2026-06-24T20:13:09.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["SSO Authentication Flow"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:07:39.063864Z","id":"CVE-2026-12796","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndIncluding":"1.82.2","matchCriteriaId":"2D697723-9909-4732-A558-9A8F30BBB812"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12796","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811287","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372558","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372558/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12797","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T10:16:16.870","lastModified":"2026-06-24T19:50:50.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["Completions Interface"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"},{"version":"1.82.3","status":"affected"},{"version":"1.82.4","status":"affected"},{"version":"1.82.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:35:34.363730Z","id":"CVE-2026-12797","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndIncluding":"1.82.5","matchCriteriaId":"54ADABCD-8B4C-4101-AD0B-5DF46CD39197"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/078179224f07cc4e39e4f141a18c817a","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12797","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811288","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372559","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372559/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12798","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T10:16:17.023","lastModified":"2026-06-24T19:37:47.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["MCP OpenAPI Spec Loader"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:14:11.598867Z","id":"CVE-2026-12798","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndIncluding":"1.82.2","matchCriteriaId":"2D697723-9909-4732-A558-9A8F30BBB812"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/c1104c529975699ba347feedfbe02c5a","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12798","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811290","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372560","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372560/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-12799","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T10:16:17.173","lastModified":"2026-06-24T19:26:56.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"BerriAI","product":"litellm","cpes":["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"],"modules":["Incomplete Fix CVE-2025-0628"],"versions":[{"version":"1.82.0","status":"affected"},{"version":"1.82.1","status":"affected"},{"version":"1.82.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:16:34.425795Z","id":"CVE-2026-12799","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndIncluding":"1.82.2","matchCriteriaId":"2D697723-9909-4732-A558-9A8F30BBB812"}]}]}],"references":[{"url":"https://gist.github.com/YLChen-007/3ace22e33e468d0166fe609c9fdf4184","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12799","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/811291","source":"cna@vuldb.com","tags":["Third Party Advisory","Exploit","VDB Entry"]},{"url":"https://vuldb.com/vuln/372561","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372561/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/submit/811291","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory","Exploit","VDB Entry"]}]}},{"cve":{"id":"CVE-2025-71348","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:22.750","lastModified":"2026-06-26T14:46:21.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.28","versionType":"semver","status":"affected"},{"version":"0.0.28","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:05:34.765825Z","id":"CVE-2025-71348","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*","versionEndExcluding":"0.0.28","matchCriteriaId":"F37D0634-B9DA-411D-B816-89AFF0F749B0"}]}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vv6j-3g6g-2pvj","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-torch-utils-config-module-load-config-bypass","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vv6j-3g6g-2pvj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71351","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:22.897","lastModified":"2026-06-22T20:17:59.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute when pickle.load() is called."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.25","versionType":"semver","status":"affected"},{"version":"0.0.25","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:11:50.314580Z","id":"CVE-2025-71351","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-v7x6-rv5q-mhwc","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-timeit-timeit-detection-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-v7x6-rv5q-mhwc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71357","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:23.017","lastModified":"2026-06-26T14:14:03.203","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.30","versionType":"semver","status":"affected"},{"version":"0.0.30","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:34:18.083611Z","id":"CVE-2025-71357","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*","versionEndExcluding":"0.0.30","matchCriteriaId":"D8DD7A91-0138-4CAC-95B5-FA9EEA0ECE30"}]}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-j343-8v2j-ff7w","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-idlelib-pyshell-modifiedinterpreter-runcommand","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-j343-8v2j-ff7w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71378","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:23.140","lastModified":"2026-06-26T14:12:04.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load()."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.30","versionType":"semver","status":"affected"},{"version":"0.0.30","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:45:43.134054Z","id":"CVE-2025-71378","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*","versionEndExcluding":"0.0.30","matchCriteriaId":"D8DD7A91-0138-4CAC-95B5-FA9EEA0ECE30"}]}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9w88-8rmg-7g2p","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-undetected-cprofile-runctx-in-pickle-files","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9w88-8rmg-7g2p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56229","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:24.120","lastModified":"2026-06-22T18:40:05.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination. Limited API keys restricted to a single app can retrieve build status and logs from other apps by providing an authorized app_id while using a job_id from an unauthorized app, exposing sensitive build information including logs, metadata, and potentially credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:47:44.209630Z","id":"CVE-2026-56229","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2fw5-mcrx-wcqw","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-app-build-job-access-via-app-id-job-id-mismatch-in-build-status-and-build-logs","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2fw5-mcrx-wcqw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56236","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:24.270","lastModified":"2026-06-22T19:17:26.313","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"capgo","product":"cli","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo/cli","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:10:58.100784Z","id":"CVE-2026-56236","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-8mpm-q7mh-8fvh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cli-arbitrary-file-overwrite-via-symlink-following-in-local-credential-operations","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56239","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:24.457","lastModified":"2026-06-24T17:17:30.187","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks (no validation of auth.uid(), org membership, or check_min_rights). Because the function runs with the owner's privileges, it bypasses Row Level Security. If EXECUTE permission is available to the authenticated or anon roles (explicitly or via default privileges), an authenticated user could invoke it via Supabase RPC to manipulate billing data for arbitrary organizations, including unauthorized credit depletion and fraudulent overage event insertion."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:37:59.240720Z","id":"CVE-2026-56239","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-qq85-vjrq-m75g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-privilege-escalation-via-security-definer-function-apply-usage-overage","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-qq85-vjrq-m75g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56242","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:24.583","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that returns the owning user_id for supplied API keys, creating an API key validity oracle and user identity disclosure primitive. Attackers can call this endpoint with valid or invalid API keys to confirm key validity and map keys to user identifiers, then chain results into other exposed RPCs like get_orgs_v6 to retrieve organization membership and management email PII."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:19:34.277737Z","id":"CVE-2026-56242","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fhgj-7376-qxwx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-api-key-validity-oracle-and-user-identity-disclosure-via-get-identity-apikey-only-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-fhgj-7376-qxwx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56251","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:24.713","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:18:52.617753Z","id":"CVE-2026-56251","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-9xqh-f26v-9c9h","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-privilege-escalation-via-broken-row-level-security-in-org-users","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56253","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:24.850","lastModified":"2026-06-23T04:17:43.243","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using only the public sb_publishable_* key and an organization UUID to retrieve sensitive member information including email addresses, user IDs, roles, and pending invitations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:47:02.116305Z","id":"CVE-2026-56253","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-x34h-gc65-f6g4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-member-email-disclosure-via-get-org-members-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-x34h-gc65-f6g4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56265","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:24.980","lastModified":"2026-06-26T13:52:16.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected functionality."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Crawl4AI","product":"Crawl4AI","defaultStatus":"unaffected","packageURL":"pkg:pypi/crawl4ai","versions":[{"version":"0","lessThan":"0.8.7","versionType":"semver","status":"affected"},{"version":"0.8.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:43:38.300741Z","id":"CVE-2026-56265","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.7","matchCriteriaId":"5C153B68-AA3F-4755-BA13-E98AAB321695"}]}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/crawl4ai-authentication-bypass-via-hardcoded-jwt-signing-key","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56299","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:25.107","lastModified":"2026-06-23T15:16:38.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid credentials, enabling trivial request flooding and denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:00:21.259811Z","id":"CVE-2026-56299","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-6c7m-4223-446j","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-denial-of-service-via-unauthenticated-options-request-to-build-upload-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56316","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:25.230","lastModified":"2026-06-24T19:17:13.670","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to distinguish valid job IDs from invalid ones and generate sustained unauthenticated traffic for resource consumption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T17:56:11.814088Z","id":"CVE-2026-56316","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-9c2x-7h5x-37gm","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-job-existence-oracle-via-unauthenticated-options-build-upload-jobid","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-9c2x-7h5x-37gm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56367","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:25.360","lastModified":"2026-06-26T13:50:55.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThan":"7.1.2-15","versionType":"semver","status":"affected"},{"version":"7.1.2-15","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"6.9.0","lessThan":"6.9.13-40","versionType":"semver","status":"affected"},{"version":"6.9.13-40","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:18:37.914953Z","id":"CVE-2026-56367","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.0-0","versionEndExcluding":"6.9.13-40","matchCriteriaId":"EE4A4C2F-5F44-498C-A9DA-00300E197600"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.2-0","versionEndExcluding":"7.1.2-15","matchCriteriaId":"D6F1EDF2-E219-4639-9D73-B67392B996F2"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-heap-out-of-bounds-read-in-psb-rle-decoding","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56378","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:25.500","lastModified":"2026-06-26T13:41:36.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-15","versionType":"semver","status":"affected"},{"version":"7.1.2-15","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-40","versionType":"semver","status":"affected"},{"version":"6.9.13-40","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:20:07.253117Z","id":"CVE-2026-56378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.0-0","versionEndExcluding":"6.9.13-40","matchCriteriaId":"EE4A4C2F-5F44-498C-A9DA-00300E197600"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.2-0","versionEndExcluding":"7.1.2-15","matchCriteriaId":"D6F1EDF2-E219-4639-9D73-B67392B996F2"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-heap-out-of-bounds-read-in-pcd-decoder","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56381","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:25.627","lastModified":"2026-06-23T04:17:43.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other users view or edit permissions."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"craftcms","product":"cms","defaultStatus":"unaffected","packageURL":"pkg:composer/craftcms/cms","versions":[{"version":"5.0.0-RC1","lessThan":"5.8.22","versionType":"semver","status":"affected"},{"version":"5.8.22","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T02:48:06.956002Z","id":"CVE-2026-56381","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-g3hp-vvqf-8vw6","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/craft-cms-stored-xss-via-user-group-name-in-user-permissions-page","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-g3hp-vvqf-8vw6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56382","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:25.757","lastModified":"2026-06-22T18:40:05.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview() method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout() without calling Component::cleanseConfig(). An authenticated admin user can inject Yii2 event handlers (e.g., 'on init' keys) via the fieldLayoutConfig parameter to execute arbitrary PHP code and disclose sensitive information (such as environment variables containing database credentials and CRAFT_SECURITY_KEY). The issue is fixed in version 5.9.14."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"craftcms","product":"cms","defaultStatus":"unaffected","packageURL":"pkg:composer/craftcms/cms","versions":[{"version":"5.5.0","lessThan":"5.9.14","versionType":"semver","status":"affected"},{"version":"5.9.14","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:30:00.918233Z","id":"CVE-2026-56382","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-86vw-x4ww-x467","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/craft-cms-remote-code-execution-via-missing-config-sanitization-in-fieldscontroller","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-86vw-x4ww-x467","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56383","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:25.890","lastModified":"2026-06-23T15:16:39.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account (with allowAdminChanges enabled) to inject arbitrary JavaScript that executes when another user views a page containing the affected table field. Affected versions are >= 4.5.0-beta.1 through 4.16.18 and >= 5.0.0-RC1 through 5.8.22; fixed in 4.16.19 and 5.8.23."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"craftcms","product":"cms","defaultStatus":"unaffected","packageURL":"pkg:composer/craftcms/cms","versions":[{"version":"4.5.0-beta.1","lessThan":"4.16.19","versionType":"semver","status":"affected"},{"version":"4.16.19","versionType":"semver","status":"unaffected"},{"version":"5.0.0-RC1","lessThan":"5.8.23","versionType":"semver","status":"affected"},{"version":"5.8.23","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:00:40.463813Z","id":"CVE-2026-56383","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/craftcms/cms/commit/7b372de262b8d9d2ce859f32780c3715719b6f5a","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-6j87-m5qx-9fqp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/craft-cms-stored-xss-in-table-field-via-row-heading-column-type","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-6j87-m5qx-9fqp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56384","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:26.020","lastModified":"2026-06-24T17:17:30.910","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that private asset, because no asset-view permission check is performed before preview generation. This affects versions >= 4.0.0-RC1, <= 4.17.7 and >= 5.0.0-RC1, <= 5.9.13, and is fixed in 4.17.8 and 5.9.14."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"craftcms","product":"cms","defaultStatus":"unaffected","packageURL":"pkg:composer/craftcms/cms","versions":[{"version":"4.0.0-RC1","lessThan":"4.17.8","versionType":"semver","status":"affected"},{"version":"4.17.8","versionType":"semver","status":"unaffected"},{"version":"5.0.0-RC1","lessThan":"5.9.14","versionType":"semver","status":"affected"},{"version":"5.9.14","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:40:42.349785Z","id":"CVE-2026-56384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/craftcms/cms/commit/d30df3112220db1ffd6726a3ed11857014c7fb27","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-x76w-8c62-48mg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/craft-cms-missing-authorization-in-assets-preview-thumb-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56385","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:26.150","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an asset they are not permitted to view and still receive preview response data (previewHtml), including a private preview image route containing the target private assetId. Fixed in 5.9.14 and 4.17.8."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"craftcms","product":"cms","defaultStatus":"unaffected","packageURL":"pkg:composer/craftcms/cms","versions":[{"version":"5.0.0-RC1","lessThan":"5.9.14","versionType":"semver","status":"affected"},{"version":"5.9.14","versionType":"semver","status":"unaffected"},{"version":"4.0.0-RC1","lessThan":"4.17.8","versionType":"semver","status":"affected"},{"version":"4.17.8","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:18:03.133816Z","id":"CVE-2026-56385","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/craftcms/cms/commit/d30df3112220db1ffd6726a3ed11857014c7fb27","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-44px-qjjc-xrhq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/craft-cms-authorization-bypass-in-assets-preview-file-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56393","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:26.277","lastModified":"2026-06-22T18:36:28.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization (e.g., via the checkbox.twig template, which used {{ label|raw }}). An authenticated administrator (with allowAdminChanges enabled) can inject malicious payloads into section names, volume names, user group names, global set names, generated field names, checkbox/radio option labels, and custom source labels, causing arbitrary JavaScript to execute in other users' control-panel sessions. Fixed in 4.17.0-beta.1 and 5.9.0-beta.1."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"craftcms","product":"cms","defaultStatus":"unaffected","packageURL":"pkg:composer/craftcms/cms","versions":[{"version":"5.0.0-RC1","lessThan":"5.9.0-beta.1","versionType":"semver","status":"affected"},{"version":"5.9.0-beta.1","versionType":"semver","status":"unaffected"},{"version":"4.0.0-RC1","lessThan":"4.17.0-beta.1","versionType":"semver","status":"affected"},{"version":"4.17.0-beta.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:21:37.669665Z","id":"CVE-2026-56393","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/craftcms/cms/commit/67780a778c6ec04e68e64a0b1177c168306144a2","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/commit/943152d2246b36f12adf161a03b8695b773d9276","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-4mgv-366x-qxvx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/craft-cms-multiple-stored-cross-site-scripting-in-settings-names-and-field-options","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-4mgv-366x-qxvx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56394","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:26.403","lastModified":"2026-06-23T14:17:24.290","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"craftcms","product":"cms","defaultStatus":"unaffected","packageURL":"pkg:composer/craftcms/cms","versions":[{"version":"4.0.0-RC1","lessThan":"4.17.7","versionType":"semver","status":"affected"},{"version":"4.17.7","versionType":"semver","status":"unaffected"},{"version":"5.0.0-RC1","lessThan":"5.9.13","versionType":"semver","status":"affected"},{"version":"5.9.13","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:34:08.737226Z","id":"CVE-2026-56394","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/craftcms/cms/commit/30f5f1a8d6edf0f3a00be72c42c78d9dc7d72d5c","source":"disclosure@vulncheck.com"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-c43v-4cr8-6mvp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/craft-cms-authenticated-path-traversal-in-assets-icon-extension-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56395","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:26.530","lastModified":"2026-06-22T18:40:05.833","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"SiYuan","product":"SiYuan","defaultStatus":"unaffected","packageURL":"pkg:golang/siyuan","versions":[{"version":"0","lessThan":"3.6.1","versionType":"semver","status":"affected"},{"version":"3.6.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:28:59.552541Z","id":"CVE-2026-56395","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-v3mg-9v85-fcm7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/siyuan-remote-code-execution-via-malicious-bazaar-package-metadata-and-readme","source":"disclosure@vulncheck.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-v3mg-9v85-fcm7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56396","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:26.660","lastModified":"2026-06-23T15:16:39.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"phpMyFAQ","product":"phpMyFAQ","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.1.4","versionType":"semver","status":"affected"},{"version":"4.1.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:01:18.426641Z","id":"CVE-2026-56396","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-985r-q3qp-299h","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-privilege-escalation-via-missing-authorization-in-edituser-and-updateuserrights","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-985r-q3qp-299h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56397","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-21T14:16:26.783","lastModified":"2026-06-24T17:17:31.030","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"SiYuan","product":"SiYuan","defaultStatus":"unaffected","packageURL":"pkg:golang/siyuan","versions":[{"version":"0","lessThan":"3.6.1","versionType":"semver","status":"affected"},{"version":"3.6.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:35:29.612043Z","id":"CVE-2026-56397","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-v3mg-9v85-fcm7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/siyuan-remote-code-execution-via-malicious-bazaar-package-metadata-and-readme-2","source":"disclosure@vulncheck.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-v3mg-9v85-fcm7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56403","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:26.590","lastModified":"2026-06-23T20:15:16.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 has an integer overflow in storeAtts."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:05:33.081389Z","id":"CVE-2026-56403","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1232","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56404","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:27.620","lastModified":"2026-06-23T20:15:05.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 has an integer overflow in addBinding."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:04:59.811651Z","id":"CVE-2026-56404","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1249","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56405","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:27.740","lastModified":"2026-06-23T20:14:51.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 has an integer overflow in getAttributeId."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:03:02.339016Z","id":"CVE-2026-56405","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1251","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56406","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:27.870","lastModified":"2026-06-23T16:29:06.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:02:37.192253Z","id":"CVE-2026-56406","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1255","source":"cve@mitre.org","tags":["Patch","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-56407","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:27.987","lastModified":"2026-06-23T16:28:29.983","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:54:56.617975Z","id":"CVE-2026-56407","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1262","source":"cve@mitre.org","tags":["Patch","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-56408","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:28.110","lastModified":"2026-06-23T16:27:26.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 has an integer overflow in copyString."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:55:29.967243Z","id":"CVE-2026-56408","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/commit/16e2efd867ea8567ffa012210b52ef5918e20817","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56409","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:28.230","lastModified":"2026-06-23T16:21:55.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:56:10.404976Z","id":"CVE-2026-56409","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1259","source":"cve@mitre.org","tags":["Patch","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-56410","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T16:16:28.360","lastModified":"2026-06-23T16:18:16.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:56:48.331184Z","id":"CVE-2026-56410","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1252","source":"cve@mitre.org","tags":["Patch","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-56411","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T17:16:44.523","lastModified":"2026-06-23T16:16:36.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:31:23.529292Z","id":"CVE-2026-56411","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1263","source":"cve@mitre.org","tags":["Patch","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-56412","sourceIdentifier":"cve@mitre.org","published":"2026-06-21T17:16:44.657","lastModified":"2026-06-23T15:31:30.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"libexpat project","product":"libexpat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:30:58.502417Z","id":"CVE-2026-56412","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.2","matchCriteriaId":"E3A57811-3797-4D35-A4AC-E1AB3CE6F1F3"}]}]}],"references":[{"url":"https://github.com/libexpat/libexpat/pull/1278","source":"cve@mitre.org","tags":["Patch","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-12804","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T19:16:23.097","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that \"it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low.\""}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"lemonldap-ng","cpes":["cpe:2.3:a:lemonldap-ng:lemonldap-ng:*:*:*:*:*:*:*:*"],"modules":["SAML Common Domain Cookie Endpoint"],"versions":[{"version":"2.0","status":"affected"},{"version":"2.1","status":"affected"},{"version":"2.2","status":"affected"},{"version":"2.3","status":"affected"},{"version":"2.4","status":"affected"},{"version":"2.5","status":"affected"},{"version":"2.6","status":"affected"},{"version":"2.7","status":"affected"},{"version":"2.8","status":"affected"},{"version":"2.9","status":"affected"},{"version":"2.10","status":"affected"},{"version":"2.11","status":"affected"},{"version":"2.12","status":"affected"},{"version":"2.13","status":"affected"},{"version":"2.14","status":"affected"},{"version":"2.15","status":"affected"},{"version":"2.16","status":"affected"},{"version":"2.17","status":"affected"},{"version":"2.18","status":"affected"},{"version":"2.19","status":"affected"},{"version":"2.20","status":"affected"},{"version":"2.21","status":"affected"},{"version":"2.22","status":"affected"},{"version":"2.23.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:27:57.331935Z","id":"CVE-2026-12804","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/979","source":"cna@vuldb.com"},{"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/work_items/3619","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12804","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836105","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372598","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372598/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12805","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T20:16:27.343","lastModified":"2026-06-23T14:17:22.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. This patch is called 1d4b3815c0987840a983160bfc671fef63a3105b. It is best practice to apply a patch to resolve this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"OFFIS","product":"DCMTK","cpes":["cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"],"versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"},{"version":"3.3","status":"affected"},{"version":"3.4","status":"affected"},{"version":"3.5","status":"affected"},{"version":"3.6","status":"affected"},{"version":"3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:36:35.242243Z","id":"CVE-2026-12805","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d4b3815c0987840a983160bfc671fef63a3105b","source":"cna@vuldb.com"},{"url":"https://github.com/DCMTK/dcmtk/commit/1d4b3815c0987840a983160bfc671fef63a3105b","source":"cna@vuldb.com"},{"url":"https://medium.com/@faboherrera.fabo/dcmtk-vulnerability-report-201afc687790","source":"cna@vuldb.com"},{"url":"https://support.dcmtk.org/redmine/issues/1208","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12805","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836273","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372599","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372599/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12806","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T20:16:27.497","lastModified":"2026-06-23T15:16:33.280","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Edimax","product":"BR-6478AC V2","cpes":["cpe:2.3:a:edimax:br-6478ac_v2:*:*:*:*:*:*:*:*"],"modules":["POST Request Handler"],"versions":[{"version":"1.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:01:47.124277Z","id":"CVE-2026-12806","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-formWlSiteSurvey-34b53a41781f80669c10df409a0851d4?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12806","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836668","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372600","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372600/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12807","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T21:16:23.797","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Edimax","product":"BR-6478AC V2","cpes":["cpe:2.3:a:edimax:br-6478ac_v2:*:*:*:*:*:*:*:*"],"modules":["POST Request Handler"],"versions":[{"version":"1.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:22:52.635470Z","id":"CVE-2026-12807","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-setWAN-34b53a41781f80b98c4be24d8cae61b1?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12807","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836669","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372601","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372601/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12808","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T21:16:23.953","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Edimax BR-6478AC V2 1.23. This impacts the function stainfo of the file /goform/stainfo of the component POST Request Handler. This manipulation of the argument interface causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Edimax","product":"BR-6478AC V2","cpes":["cpe:2.3:a:edimax:br-6478ac_v2:*:*:*:*:*:*:*:*"],"modules":["POST Request Handler"],"versions":[{"version":"1.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:17:25.241503Z","id":"CVE-2026-12808","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-stainfo-34b53a41781f80a38eabd3f33d5e939c?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12808","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836672","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372602","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372602/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12809","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T22:16:37.893","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Edimax","product":"BR-6478AC V2","cpes":["cpe:2.3:a:edimax:br-6478ac_v2:*:*:*:*:*:*:*:*"],"modules":["POST Request Handler"],"versions":[{"version":"1.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:18:10.394329Z","id":"CVE-2026-12809","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-wiz_5in1_redirect-34b53a41781f80408b3fca68a24f6028?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12809","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836673","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372603","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372603/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12810","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T22:16:38.900","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Edimax","product":"BR-6478AC V2","cpes":["cpe:2.3:a:edimax:br-6478ac_v2:*:*:*:*:*:*:*:*"],"modules":["POST Request Handler"],"versions":[{"version":"1.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:27:30.666963Z","id":"CVE-2026-12810","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://lavender-bicycle-a5a.notion.site/EDIMAX-BR6478ACV2-mp-34b53a41781f80339677f24176f4f6b7?source=copy_link","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12810","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/836674","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372604","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372604/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12811","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T23:16:42.693","lastModified":"2026-06-23T14:17:22.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.8.39 can resolve this issue. This patch is called f5dec7aa0c1b8fa0125938f292c0f2430ca75f6c. It is advisable to upgrade the affected component. The researcher explains: \"The issue was fixed in v0.8.39 without notifying the wider user base via a security disclosure.\""}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"kortix-ai","product":"suna","cpes":["cpe:2.3:a:kortix-ai:suna:*:*:*:*:*:*:*:*"],"modules":["Auth Endpoint"],"versions":[{"version":"0.8.0","status":"affected"},{"version":"0.8.1","status":"affected"},{"version":"0.8.2","status":"affected"},{"version":"0.8.3","status":"affected"},{"version":"0.8.4","status":"affected"},{"version":"0.8.5","status":"affected"},{"version":"0.8.6","status":"affected"},{"version":"0.8.7","status":"affected"},{"version":"0.8.8","status":"affected"},{"version":"0.8.9","status":"affected"},{"version":"0.8.10","status":"affected"},{"version":"0.8.11","status":"affected"},{"version":"0.8.12","status":"affected"},{"version":"0.8.13","status":"affected"},{"version":"0.8.14","status":"affected"},{"version":"0.8.15","status":"affected"},{"version":"0.8.16","status":"affected"},{"version":"0.8.17","status":"affected"},{"version":"0.8.18","status":"affected"},{"version":"0.8.19","status":"affected"},{"version":"0.8.20","status":"affected"},{"version":"0.8.21","status":"affected"},{"version":"0.8.22","status":"affected"},{"version":"0.8.23","status":"affected"},{"version":"0.8.24","status":"affected"},{"version":"0.8.25","status":"affected"},{"version":"0.8.26","status":"affected"},{"version":"0.8.27","status":"affected"},{"version":"0.8.28","status":"affected"},{"version":"0.8.29","status":"affected"},{"version":"0.8.30","status":"affected"},{"version":"0.8.31","status":"affected"},{"version":"0.8.32","status":"affected"},{"version":"0.8.33","status":"affected"},{"version":"0.8.34","status":"affected"},{"version":"0.8.35","status":"affected"},{"version":"0.8.36","status":"affected"},{"version":"0.8.37","status":"affected"},{"version":"0.8.38","status":"affected"},{"version":"0.8.39","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:37:34.514663Z","id":"CVE-2026-12811","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://gist.github.com/TrebledJ/fe7241910ac0aaeff86243fc88e9ffed","source":"cna@vuldb.com"},{"url":"https://github.com/kortix-ai/suna/","source":"cna@vuldb.com"},{"url":"https://github.com/kortix-ai/suna/commit/f5dec7aa0c1b8fa0125938f292c0f2430ca75f6c","source":"cna@vuldb.com"},{"url":"https://github.com/kortix-ai/suna/releases/tag/v0.8.39","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12811","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/837175","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372605","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372605/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12812","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T23:16:43.880","lastModified":"2026-06-23T15:16:33.420","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Radware","product":"Cyber Controller","cpes":["cpe:2.3:a:radware:cyber_controller:*:*:*:*:*:*:*:*"],"modules":["HTML Report Generation"],"versions":[{"version":"10.0","status":"affected"},{"version":"10.1","status":"affected"},{"version":"10.2","status":"affected"},{"version":"10.3","status":"affected"},{"version":"10.4","status":"affected"},{"version":"10.5","status":"affected"},{"version":"10.6","status":"affected"},{"version":"10.7","status":"affected"},{"version":"10.8","status":"affected"},{"version":"10.9","status":"affected"},{"version":"10.10","status":"affected"},{"version":"10.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:02:03.694665Z","id":"CVE-2026-12812","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-12812","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/837203","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372606","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372606/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12813","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T23:16:44.037","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"activepieces","cpes":["cpe:2.3:a:activepieces:activepieces:*:*:*:*:*:*:*:*"],"modules":["File URL Handler"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2","status":"affected"},{"version":"0.3","status":"affected"},{"version":"0.4","status":"affected"},{"version":"0.5","status":"affected"},{"version":"0.6","status":"affected"},{"version":"0.7","status":"affected"},{"version":"0.8","status":"affected"},{"version":"0.9","status":"affected"},{"version":"0.10","status":"affected"},{"version":"0.11","status":"affected"},{"version":"0.12","status":"affected"},{"version":"0.13","status":"affected"},{"version":"0.14","status":"affected"},{"version":"0.15","status":"affected"},{"version":"0.16","status":"affected"},{"version":"0.17","status":"affected"},{"version":"0.18","status":"affected"},{"version":"0.19","status":"affected"},{"version":"0.20","status":"affected"},{"version":"0.21","status":"affected"},{"version":"0.22","status":"affected"},{"version":"0.23","status":"affected"},{"version":"0.24","status":"affected"},{"version":"0.25","status":"affected"},{"version":"0.26","status":"affected"},{"version":"0.27","status":"affected"},{"version":"0.28","status":"affected"},{"version":"0.29","status":"affected"},{"version":"0.30","status":"affected"},{"version":"0.31","status":"affected"},{"version":"0.32","status":"affected"},{"version":"0.33","status":"affected"},{"version":"0.34","status":"affected"},{"version":"0.35","status":"affected"},{"version":"0.36","status":"affected"},{"version":"0.37","status":"affected"},{"version":"0.38","status":"affected"},{"version":"0.39","status":"affected"},{"version":"0.40","status":"affected"},{"version":"0.41","status":"affected"},{"version":"0.42","status":"affected"},{"version":"0.43","status":"affected"},{"version":"0.44","status":"affected"},{"version":"0.45","status":"affected"},{"version":"0.46","status":"affected"},{"version":"0.47","status":"affected"},{"version":"0.48","status":"affected"},{"version":"0.49","status":"affected"},{"version":"0.50","status":"affected"},{"version":"0.51","status":"affected"},{"version":"0.52","status":"affected"},{"version":"0.53","status":"affected"},{"version":"0.54","status":"affected"},{"version":"0.55","status":"affected"},{"version":"0.56","status":"affected"},{"version":"0.57","status":"affected"},{"version":"0.58","status":"affected"},{"version":"0.59","status":"affected"},{"version":"0.60","status":"affected"},{"version":"0.61","status":"affected"},{"version":"0.62","status":"affected"},{"version":"0.63","status":"affected"},{"version":"0.64","status":"affected"},{"version":"0.65","status":"affected"},{"version":"0.66","status":"affected"},{"version":"0.67","status":"affected"},{"version":"0.68","status":"affected"},{"version":"0.69","status":"affected"},{"version":"0.70","status":"affected"},{"version":"0.71","status":"affected"},{"version":"0.72","status":"affected"},{"version":"0.73","status":"affected"},{"version":"0.74","status":"affected"},{"version":"0.75","status":"affected"},{"version":"0.76","status":"affected"},{"version":"0.77","status":"affected"},{"version":"0.78","status":"affected"},{"version":"0.79","status":"affected"},{"version":"0.80","status":"affected"},{"version":"0.81","status":"affected"},{"version":"0.82","status":"affected"},{"version":"0.83.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:24:23.327254Z","id":"CVE-2026-12813","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/dxz0069/softwareoverflow/blob/main/activepieces_file_property_url_ssrf_vulndb.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12813","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/837553","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372607","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372607/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12814","sourceIdentifier":"cna@vuldb.com","published":"2026-06-21T23:16:44.217","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Comfast","product":"CF-WR631AX V3","cpes":["cpe:2.3:a:comfast:cf-wr631ax_v3:*:*:*:*:*:*:*:*"],"modules":["API Endpoint"],"versions":[{"version":"2.7.0.0","status":"affected"},{"version":"2.7.0.1","status":"affected"},{"version":"2.7.0.2","status":"affected"},{"version":"2.7.0.3","status":"affected"},{"version":"2.7.0.4","status":"affected"},{"version":"2.7.0.5","status":"affected"},{"version":"2.7.0.6","status":"affected"},{"version":"2.7.0.7","status":"affected"},{"version":"2.7.0.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:07:44.637772Z","id":"CVE-2026-12814","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/0xcc12138/COMFAST-CF-WR631AX-Router-Backend-Command-Injection-RCE-Analysis-Report","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12814","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/837561","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372608","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372608/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12815","sourceIdentifier":"cna@vuldb.com","published":"2026-06-22T00:16:41.783","lastModified":"2026-06-22T19:16:50.107","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way. The changelog for 4.1.2 mentions \"[i]mproved image, branch, proxy, and deployment input validation\"."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"coollabsio","product":"coolify","cpes":["cpe:2.3:a:coollabsio:coolify:*:*:*:*:*:*:*:*"],"modules":["Image Name Handler"],"versions":[{"version":"4.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:52:24.594496Z","id":"CVE-2026-12815","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/dxz0069/softwareoverflow/blob/main/coolify_docker_image_reference_shell_injection_vulndb.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12815","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/837577","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372609","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372609/cti","source":"cna@vuldb.com"},{"url":"https://github.com/dxz0069/softwareoverflow/blob/main/coolify_docker_image_reference_shell_injection_vulndb.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://vuldb.com/submit/837577","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12821","sourceIdentifier":"cna@vuldb.com","published":"2026-06-22T00:16:41.950","lastModified":"2026-06-22T18:24:24.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"FlowiseAI","product":"Flowise","cpes":["cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*"],"modules":["S3 Document Loader"],"versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.1","status":"affected"},{"version":"3.1.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:22:27.169234Z","id":"CVE-2026-12821","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/dxz0069/softwareoverflow/blob/main/flowise_s3_loader_object_key_path_traversal_vulndb.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-12821","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/837578","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372611","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/372611/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-12822","sourceIdentifier":"cna@vuldb.com","published":"2026-06-22T00:16:42.103","lastModified":"2026-06-26T13:35:12.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","cpes":["cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"],"modules":["Bundle URL Loader"],"versions":[{"version":"1.9.0","status":"affected"},{"version":"1.9.1","status":"affected"},{"version":"1.9.2","status":"affected"},{"version":"1.9.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:38:49.223145Z","id":"CVE-2026-12822","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.3","matchCriteriaId":"9CA953F0-A058-4C10-B446-0EFB390BEEAE"}]}]}],"references":[{"url":"https://github.com/dxz0069/softwareoverflow/blob/main/langflow_bundle_url_custom_component_startup_rce_vulndb.md","source":"cna@vuldb.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://vuldb.com/cve/CVE-2026-12822","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/submit/837582","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372612","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/372612/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://github.com/dxz0069/softwareoverflow/blob/main/langflow_bundle_url_custom_component_startup_rce_vulndb.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11745","sourceIdentifier":"dl_cve@linecorp.com","published":"2026-06-22T03:16:42.670","lastModified":"2026-06-22T20:21:28.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories."}],"affected":[{"source":"dl_cve@linecorp.com","affectedData":[{"vendor":"LY Corporation","product":"Central Dogma","defaultStatus":"affected","versions":[{"version":"0.84.0","lessThan":"*","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"dl_cve@linecorp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:29:39.280352Z","id":"CVE-2026-11745","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-322"}]}],"references":[{"url":"https://github.com/line/centraldogma/security/advisories/GHSA-vjfw-cpmh-xwv3","source":"dl_cve@linecorp.com"},{"url":"https://github.com/line/centraldogma/security/advisories/GHSA-vjfw-cpmh-xwv3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-11746","sourceIdentifier":"dl_cve@linecorp.com","published":"2026-06-22T03:16:42.833","lastModified":"2026-06-22T20:21:28.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster."}],"affected":[{"source":"dl_cve@linecorp.com","affectedData":[{"vendor":"LY Corporation","product":"Central Dogma","defaultStatus":"affected","versions":[{"version":"0.84.0","lessThan":"*","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"dl_cve@linecorp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:12:56.884349Z","id":"CVE-2026-11746","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/line/centraldogma/security/advisories/GHSA-2j95-gqxf-v3vg","source":"dl_cve@linecorp.com"},{"url":"https://github.com/line/centraldogma/security/advisories/GHSA-2j95-gqxf-v3vg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-11748","sourceIdentifier":"dl_cve@linecorp.com","published":"2026-06-22T03:16:42.950","lastModified":"2026-06-22T20:21:28.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure."}],"affected":[{"source":"dl_cve@linecorp.com","affectedData":[{"vendor":"LY Corporation","product":"Central Dogma","defaultStatus":"affected","versions":[{"version":"0.84.0","lessThan":"*","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"dl_cve@linecorp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:11:47.695670Z","id":"CVE-2026-11748","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"references":[{"url":"https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75","source":"dl_cve@linecorp.com"},{"url":"https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-8918","sourceIdentifier":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","published":"2026-06-22T03:16:43.070","lastModified":"2026-06-24T05:17:30.857","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash (BSOD) by bypassing the validation mechanism.Refer to the '\nSecurity Update for Armoury Crate App ' section on the ASUS Security Advisory for more information."}],"affected":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","affectedData":[{"vendor":"ASUS","product":"Armoury Crate","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.4.12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-8918","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","description":[{"lang":"en","value":"CWE-183"}]}],"references":[{"url":"https://www.asus.com/security-advisory","source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}]}},{"cve":{"id":"CVE-2026-6645","sourceIdentifier":"eb41dac7-0af8-4f84-9f6d-0272772514f4","published":"2026-06-22T04:17:13.310","lastModified":"2026-06-23T05:17:05.117","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.\n\n\n\nBecause the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host."}],"affected":[{"source":"eb41dac7-0af8-4f84-9f6d-0272772514f4","affectedData":[{"vendor":"PaperCut","product":"Print Deploy","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"1.10.4178","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"eb41dac7-0af8-4f84-9f6d-0272772514f4","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-6645","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"eb41dac7-0af8-4f84-9f6d-0272772514f4","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-june-2026/","source":"eb41dac7-0af8-4f84-9f6d-0272772514f4"}]}},{"cve":{"id":"CVE-2026-10530","sourceIdentifier":"contact@wpscan.com","published":"2026-06-22T06:16:15.623","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Pie Register  WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Pie Register","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.8.4.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:10:35.730235Z","id":"CVE-2026-10530","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/bd3fe1d2-9f21-4b51-9112-2971a25a7e62/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-4110","sourceIdentifier":"contact@wpscan.com","published":"2026-06-22T06:16:16.790","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"ultimate-woocommerce-auction-pro","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"2.4.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:34:03.741637Z","id":"CVE-2026-4110","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/bd44396a-7723-4876-a9c6-266442879bcb/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-4259","sourceIdentifier":"contact@wpscan.com","published":"2026-06-22T06:16:21.153","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"ultimate-woocommerce-auction-pro","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"2.4.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:55:00.553860Z","id":"CVE-2026-4259","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/a98d234b-11e8-4a07-8593-982d656a4fd3/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-6858","sourceIdentifier":"contact@wpscan.com","published":"2026-06-22T06:16:21.263","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Transbank Webpay","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.14.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:51:12.175467Z","id":"CVE-2026-6858","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/81035d75-81a5-486a-a9fb-b0d1e0befe3c/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-7859","sourceIdentifier":"contact@wpscan.com","published":"2026-06-22T06:16:25.437","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Motors  WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Motors","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.4.110","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:49:59.928039Z","id":"CVE-2026-7859","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://wpscan.com/vulnerability/3c11e490-92d8-46e1-a0ae-7c4c703ac411/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8157","sourceIdentifier":"contact@wpscan.com","published":"2026-06-22T06:16:29.000","lastModified":"2026-06-22T18:38:02.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Vitepos  WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos  WordPress plugin before 3.4.2 role to escalate privileges to administrator."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Vitepos","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:48:43.789264Z","id":"CVE-2026-8157","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://wpscan.com/vulnerability/6680cc6a-9758-4040-bb39-7b9545041dc3/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2025-62198","sourceIdentifier":"security@apache.org","published":"2026-06-22T08:16:35.257","lastModified":"2026-06-23T14:53:43.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated user can perform XSS.\n\nThis issue affects Apache Atlas versions 2.4.0 and earlier.\n\nUsers are recommended to upgrade to version 2.5.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Atlas","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:50:14.516394Z","id":"CVE-2025-62198","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:atlas:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"96893B47-FBC0-453A-90AF-1BEF2416E447"}]}]}],"references":[{"url":"https://lists.apache.org/thread/nv893lhz3ok08f25j3v4z1to5nrpdp7k","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/20/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-66336","sourceIdentifier":"security@apache.org","published":"2026-06-22T08:16:36.390","lastModified":"2026-06-26T13:28:24.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope.\n\nAffected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Doris MCP Server","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"doris-mcp-server","versions":[{"version":"0.1.0","lessThan":"0.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:49:32.488671Z","id":"CVE-2025-66336","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:doris_mcp_server:*:*:*:*:*:*:*:*","versionStartIncluding":"0.1.0","versionEndExcluding":"0.6.1","matchCriteriaId":"95766A2C-71CC-4CC7-9F95-501B6ACC1E2F"}]}]}],"references":[{"url":"https://lists.apache.org/thread/4l4v3m7ofwrgp4s4s98pjb5l03fcrzo2","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/22/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44911","sourceIdentifier":"security@apache.org","published":"2026-06-22T08:17:05.447","lastModified":"2026-06-23T19:55:10.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined verification methods with alternative settings. Apache NiFi installations that do not implement different levels of authorization for viewing and modifying component configuration are not subject to this vulnerability. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, requiring write access to submit configuration verification requests."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache NiFi","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.nifi:nifi-web-api","versions":[{"version":"1.15.0","lessThanOrEqual":"2.9.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:28:06.849874Z","id":"CVE-2026-44911","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"2.10.0","matchCriteriaId":"B6A7F493-8FA7-4D60-A2D1-70AD8A71A89F"}]}]}],"references":[{"url":"https://lists.apache.org/thread/wrj3t4k2bwd2cztyp078f5kj3722qfzy","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/20/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Mailing List"]}]}},{"cve":{"id":"CVE-2026-44913","sourceIdentifier":"security@apache.org","published":"2026-06-22T08:17:05.613","lastModified":"2026-06-23T19:53:00.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not cover additional strategies. Apache NiFi installations that do not use the CaptureChangeMySQL Processor are not subject to this vulnerability. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, which incorporates more robust identifier escaping."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache NiFi","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.nifi:nifi-cdc-mysql-processors","versions":[{"version":"1.2.0","lessThanOrEqual":"2.9.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:L/U:Clear","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"CLEAR"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:28:36.629842Z","id":"CVE-2026-44913","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"2.10.0","matchCriteriaId":"06ECCD2B-8B33-4D0F-A817-6E3FA426BB5F"}]}]}],"references":[{"url":"https://lists.apache.org/thread/c8vkt5rz4dqql6sjxgrr3zdkbt1sfmsl","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/20/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Mailing List"]}]}},{"cve":{"id":"CVE-2026-44914","sourceIdentifier":"security@apache.org","published":"2026-06-22T08:17:05.757","lastModified":"2026-06-24T05:17:28.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not check restricted status when handling requests to replace Process Groups. The missing authorization permits a user with general write access to add components with Restricted status. Apache NiFi installations that do not implement specific authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.9.0 is the recommended mitigation, which removes the implementation of Restricted status authorization from the framework."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache NiFi","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.nifi:nifi-web-api","versions":[{"version":"1.12.0","lessThanOrEqual":"2.9.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:L/U:Clear","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"LOW","providerUrgency":"CLEAR"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-44914","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"1.12.0","versionEndExcluding":"2.10.0","matchCriteriaId":"755264A7-8627-424F-9517-50F7E135D9BE"}]}]}],"references":[{"url":"https://lists.apache.org/thread/ydr34t03xd1n0t9oogpzogjrd5y93838","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/20/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54665","sourceIdentifier":"security@apache.org","published":"2026-06-22T08:17:07.240","lastModified":"2026-06-23T19:19:18.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in the HTTP Host header, but did not apply the validation to alternative Proxy and Forwarded headers. The absence of proxy host header validation allowed a client to instruct Apache NiFi web services to construct invalid qualified URLs for redirection or data references. Upgrading to Apache NiFi 2.10.0 is the recommended mitigation, which implements validation for the X-ProxyHost and X-Forwarded-Host HTTP request headers based on the nifi.web.proxy.host property. Enabling header validation requires configuring the application with HTTPS. Reverse proxy servers in front of Apache NiFi are responsible for filtering input request headers and providing allowed values to the application."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache NiFi","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.nifi:nifi-jetty","versions":[{"version":"0.0.1","lessThan":"2.10.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Green","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:09:44.185547Z","id":"CVE-2026-54665","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"0.0.1","versionEndExcluding":"2.10.0","matchCriteriaId":"A4E29D0D-B12D-48D1-9257-B53A364819BE"}]}]}],"references":[{"url":"https://lists.apache.org/thread/y0yoblon8f6dp00qz5r90cxq5n6g4j6k","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/20/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Mailing List"]}]}},{"cve":{"id":"CVE-2023-45795","sourceIdentifier":"info@cert.vde.com","published":"2026-06-22T10:16:16.470","lastModified":"2026-06-22T17:47:16.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device."}],"affected":[{"source":"info@cert.vde.com","affectedData":[{"vendor":"Pilz","product":"PMI v8xx","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThanOrEqual":"2.0.33992","versionType":"semver","status":"affected"}]},{"vendor":"Pilz","product":"PASvisu","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThan":"1.14.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T13:25:28.450217Z","id":"CVE-2023-45795","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://certvde.com/en/advisories/VDE-2023-050/","source":"info@cert.vde.com"}]}},{"cve":{"id":"CVE-2023-45796","sourceIdentifier":"info@cert.vde.com","published":"2026-06-22T10:16:17.513","lastModified":"2026-06-22T18:16:28.947","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability."}],"affected":[{"source":"info@cert.vde.com","affectedData":[{"vendor":"Pilz","product":"PMI v8xx","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThanOrEqual":"2.0.33992","versionType":"semver","status":"affected"}]},{"vendor":"Pilz","product":"PASvisu","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThan":"1.14.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:38:36.981971Z","id":"CVE-2023-45796","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://certvde.com/en/advisories/VDE-2023-050/","source":"info@cert.vde.com"}]}},{"cve":{"id":"CVE-2026-12580","sourceIdentifier":"twcert@cert.org.tw","published":"2026-06-22T10:16:18.120","lastModified":"2026-06-22T20:17:59.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load."}],"affected":[{"source":"twcert@cert.org.tw","affectedData":[{"vendor":"Digiwin","product":"EasyFlow .NET","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.1.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:26:34.859729Z","id":"CVE-2026-12580","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10981-8617d-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10980-0e640-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-12581","sourceIdentifier":"twcert@cert.org.tw","published":"2026-06-22T10:16:18.260","lastModified":"2026-06-22T20:17:59.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in."}],"affected":[{"source":"twcert@cert.org.tw","affectedData":[{"vendor":"Digiwin","product":"EasyFlow .NET","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.1.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:25:18.293654Z","id":"CVE-2026-12581","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10981-8617d-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10980-0e640-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-12862","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-22T10:16:18.387","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"Venueless","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThan":"0a35457f","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:23:08.251405Z","id":"CVE-2026-12862","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-148"}]}],"references":[{"url":"https://github.com/venueless/venueless/security/advisories/GHSA-5hw3-655h-7m86","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-12863","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-22T10:16:18.520","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"Venueless","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThan":"d27864a7","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:27:00.898005Z","id":"CVE-2026-12863","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/venueless/venueless/security/advisories/GHSA-m87f-7c4r-w4p3","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-11373","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-22T12:16:24.243","lastModified":"2026-06-22T18:45:41.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections.\n\nNet::Statsite::Client is a client for the statsite protocol, which is a variant of statsd.\n\nNewlines are not removed from metric names, allowing metric injections.\n\nValues are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"JASEI","product":"Net::Statsite::Client","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Net-Statsite-Client","programFiles":["lib/Net/Statsite/Client.pm"],"programRoutines":[{"name":"Net::Statsite::Client::timing"},{"name":"Net::Statsite::Client::update"},{"name":"Net::Statsite::Client::unique"},{"name":"Net::Statsite::Client::gauge"},{"name":"Net::Statsite::Client::send"}],"repo":"https://github.com/avast/Net-Statsite-Client","versions":[{"version":"0","lessThanOrEqual":"1.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:32:52.642366Z","id":"CVE-2026-11373","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-150"}]}],"references":[{"url":"http://armon.github.io/statsite","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/JASEI/Net-Statsite-Client-1.1.0/view/lib/Net/Statsite/Client.pm","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/patches/N/Net-Statsite-Client/1.1.0/CVE-2026-11373-r1.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46719","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46720","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46739","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}},{"cve":{"id":"CVE-2026-56422","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T12:16:26.920","lastModified":"2026-06-22T18:16:49.920","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope foreign keys (event_id, org_id, user_id, sharing_group_id, galaxy_cluster_uuid, organisation_uuid, and related nested object identifiers) without consistently stripping, pinning, or revalidating them against the server-authorized object.\n\nIn affected paths, an authenticated user with access to one authorized object could submit crafted REST or form payloads that caused MISP to save data against a different object than the one checked by the authorization logic. Depending on the endpoint, this could allow object overwrite, object re-parenting, ownership transfer, unauthorized sharing-group scoping, event/object injection, proposal retargeting, or stored attacker-controlled content appearing in another user’s context.\n\nThe fixes harden affected create/edit/import flows by stripping client-supplied primary keys on create-only saves, re-pinning route- or database-authorized identifiers before save operations, validating effective sharing-group scope, and adding field whitelists where ownership fields must never be editable. The initial broad fix also added a central CRUDComponent::edit() primary-key re-pin so payload-supplied IDs cannot redirect saves away from the already-authorized row. GitHub’s patch for 7acf8220c describes this central issue as CRUDComponent::edit() copying supplied fields, including a payload primary key, onto the loaded record, allowing CakePHP save() to update an arbitrary row unless the loaded ID is re-pinned."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","repo":"https://github.com/misp/misp","versions":[{"version":"0","lessThanOrEqual":"2.5.41","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:09:12.774625Z","id":"CVE-2026-56422","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/00b2e3dae56fa24ea750eb525cc4709b7e5bee85","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/025f711506850aadb69cde1b57e5e5d57628c87f","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/05aad418c57bb78e6b58a843d70d45de8f50db45","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/2cc26f38f3e85c594957899f09043d5193146607","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/3ff6bd9cfdab5d41b4667ea7298d88ffd6f3fcb8","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/57433015815e59db5a1f11536f90920952cf3fcd","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/58f637aaab4d133e72f1454ebb963191d96d3b78","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/634f1f87c295193486c08c2c7ba1fee8a7339baa","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/63aebc27a878233b9475c742985aaef909bc755b","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/7acf8220cafac58bcfb362da37aca512fe4bb396","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/8311427c2edd72a8341f0a65e1f11073d7ad9191","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/84bafe69f5d0ab7f811371c0801a613f271ebc0b","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/9341690e9b6dde7f0605edea5533e05ba7362e35","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/ab9619dfa6cb5210fd20fb3b0b57006e4fc93916","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/bc182d55dde5686a36ca2eb88fe6c2adabb9fad9","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"},{"url":"https://github.com/MISP/MISP/commit/c80a3533b3d787f45f5185a4621cc0f05b0cf2e5","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2025-33128","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T14:16:22.910","lastModified":"2026-06-26T20:20:31.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Engineering Workflow Management","cpes":["cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:interim_fix_020:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1:interim_fix_007:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:interim_fix_007:*:*:*:*:*:*"],"versions":[{"version":"7.0.3","lessThanOrEqual":"7.0.3 Interim Fix 020","versionType":"semver","status":"affected"},{"version":"7.1.0","lessThanOrEqual":"7.1 Interim Fix 007","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:05:03.637720Z","id":"CVE-2025-33128","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:-:*:*:*:*:*:*","matchCriteriaId":"3CB2A4A5-05AB-4591-BC17-508B6CC52D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix001:*:*:*:*:*:*","matchCriteriaId":"AC3523E9-2176-4F06-89DE-B9E39A8B5DFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix002:*:*:*:*:*:*","matchCriteriaId":"2856B724-9102-453D-92D9-D6960D723EEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix003:*:*:*:*:*:*","matchCriteriaId":"9F016ABC-BE79-4979-9A80-777F0D02615F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix004:*:*:*:*:*:*","matchCriteriaId":"B9FC1B96-18D3-4E17-A9F1-B020F0D72590"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix005:*:*:*:*:*:*","matchCriteriaId":"936271E0-3CF6-43CE-81D2-C7B0BEB7BBE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix006:*:*:*:*:*:*","matchCriteriaId":"D34862FD-AE18-46FE-B4E6-AC639120774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix007:*:*:*:*:*:*","matchCriteriaId":"3C3C127B-9AF2-4B7A-ACEE-9A2875CBAE99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix008:*:*:*:*:*:*","matchCriteriaId":"181B8EF5-E34B-41EF-AE2D-3C202D4C88EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix009:*:*:*:*:*:*","matchCriteriaId":"5C8113D3-4934-4551-84BD-FC0A6489F82C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix010:*:*:*:*:*:*","matchCriteriaId":"8BE8D6E5-C897-4C58-BE03-C26B4D3C6494"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix011:*:*:*:*:*:*","matchCriteriaId":"BF1CFB7F-F8EB-4D71-8765-07CE49D31189"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix012:*:*:*:*:*:*","matchCriteriaId":"38A55F98-2982-43E1-AE01-37B423C9B481"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix013:*:*:*:*:*:*","matchCriteriaId":"174815C1-90FD-4947-9EB7-9BF713DCD3D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix014:*:*:*:*:*:*","matchCriteriaId":"FA3149F4-EF4C-46F6-8DAF-C9217CF16F59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix015:*:*:*:*:*:*","matchCriteriaId":"3C23BE8B-1492-40F2-A218-CF85A754D4FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix016:*:*:*:*:*:*","matchCriteriaId":"11CFA2C9-C485-4780-A04C-FA39E7E7A3AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix017:*:*:*:*:*:*","matchCriteriaId":"05C3B457-57A8-4DA9-A95E-5D198974A0B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix018:*:*:*:*:*:*","matchCriteriaId":"F407A290-B204-4B18-84C0-A598E56F0EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix019:*:*:*:*:*:*","matchCriteriaId":"7EDBEFA2-B476-4711-8153-214D566875D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix020:*:*:*:*:*:*","matchCriteriaId":"CEC9F849-AF2B-40DB-992A-090605B078F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:-:*:*:*:*:*:*","matchCriteriaId":"7FAE09FF-371A-4B02-A837-40149E773AE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix001:*:*:*:*:*:*","matchCriteriaId":"E153E7C3-A2A5-4757-9684-3DCBCE05B9F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix002:*:*:*:*:*:*","matchCriteriaId":"0B0984C6-0E92-4493-B0A2-40BC0888F2FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix003:*:*:*:*:*:*","matchCriteriaId":"F62B6927-F717-499A-8EC3-900AC06A3DF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix004:*:*:*:*:*:*","matchCriteriaId":"0883E0E8-8E67-44B8-B0D8-E6D55306B319"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix005:*:*:*:*:*:*","matchCriteriaId":"2CACCEE4-0346-44B0-ACF8-270F70D8B316"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix006:*:*:*:*:*:*","matchCriteriaId":"57CE388F-D826-4EFC-BBBA-E539FE69361A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix007:*:*:*:*:*:*","matchCriteriaId":"E4C0BF7F-D922-49C3-B62C-F904EB1DBCA6"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276116","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10561","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T14:16:25.023","lastModified":"2026-06-26T20:19:05.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise"}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.9.3:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.9.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T03:55:46.829544Z","id":"CVE-2026-10561","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.9.3","matchCriteriaId":"C66FB82E-7574-434A-92AF-C36A8E16584C"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7277242","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12602","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-22T14:16:27.393","lastModified":"2026-06-22T19:45:16.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Aruba","product":"ArubaSign","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.6.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:52:10.919361Z","id":"CVE-2026-12602","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-permissions-arubasign-aruba","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-12888","sourceIdentifier":"0f2be0ad-3469-4e56-b38f-4eb96719b425","published":"2026-06-22T14:16:34.740","lastModified":"2026-06-23T15:42:44.400","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.\n\n\nThis issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd."}],"affected":[{"source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","affectedData":[{"vendor":"Thinkst Applied Research","product":"Canarytokens","defaultStatus":"unaffected","versions":[{"version":"sha-4aef1db90","lessThan":"sha-8ab4dccd","versionType":"custom","status":"affected"},{"version":"4aef1db90","lessThan":"8ab4dccd","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:Green","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:42:24.249954Z","id":"CVE-2026-12888","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-vcfc-7466-8q65","source":"0f2be0ad-3469-4e56-b38f-4eb96719b425"}]}},{"cve":{"id":"CVE-2026-56423","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T14:17:49.913","lastModified":"2026-06-23T15:16:39.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object.\n\nFor Event Reports, EventReportsController::deleteSelection relied on the global perm_add capability rather than a per-report ownership/authorization check. As a result, a contributor-level user could submit report IDs or UUIDs for reports belonging to other organisations and hard-delete them instance-wide. The fix changed the callback to call EventReport::fetchIfAuthorized($user, $itemId, 'delete') for each selected report before deletion.\n\n\n\n\nFor Sharing Groups, SharingGroupsController::deleteSelection relied on the global perm_sharing_group capability rather than verifying ownership of each selected sharing group. This allowed a sharing-group-capable user to hard-delete sharing groups owned by other organisations, bypassing the per-object ownership gate used by the single-object delete action. The fix changed the callback to call SharingGroup::checkIfOwner($user, $itemId) for each selected sharing group.\n\n\n\n\nAn authenticated attacker with the relevant broad role permission could abuse the affected bulk deletion endpoints to delete objects outside their organisation’s authorization scope, causing loss of event-report content or sharing-group configuration across the instance."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","repo":"https://github.com/MISP/misp","versions":[{"version":"0","lessThanOrEqual":"2.5.41","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:03:06.568537Z","id":"CVE-2026-56423","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.42","matchCriteriaId":"32F75E39-E0FB-4494-9EE1-52BDCF623A43"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/ada02fa6d7558732aa4712fd5e9451cd8c5b7a64","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/f99b3f16ef22c7acf10e17036c777759cf031c15","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56424","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T14:17:50.057","lastModified":"2026-06-23T15:16:39.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could cause the application to authorize one object but mutate another, or could modify objects that were merely visible rather than editable by the user’s organization.\n\n\nThe affected paths included:\n\n  *  Event Reports tag removal: the route-authorized report could differ from the report ID used for tag detachment, enabling cross-organization tag removal from another event report\n\n\n\n\n  *  Collection Elements bulk deletion: bulk deletion authorized against a collection whose ID matched the collection-element row ID, rather than the element’s actual parent collection, enabling deletion of elements from collections the user did not own.\n  *  Analyst Data capture/update: nested analyst data updates could overwrite an existing record without applying the normal canEditAnalystData ownership check, enabling cross-organization overwrite of analyst data records.\n  *  Template Elements editing: editing authorized against a template whose ID matched the template-element ID, rather than the element’s actual parent template, enabling unauthorized edits to another organization’s template elements.\n  *  Decaying Model editing and mappings: write paths loaded models using view-scope access but did not verify edit ownership, enabling users to edit or remap visible models owned by another organization. \n\n\n\n\n\n\n\n\nSuccessful exploitation could allow an authenticated user with subsystem-specific permissions to perform unauthorized cross-organization modifications or deletions of MISP data, resulting in integrity loss, unauthorized tampering with shared intelligence, and disruption of analyst workflows."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","repo":"https://github.com/misp/misp","versions":[{"version":"0","lessThanOrEqual":"2.5.41","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:03:24.438200Z","id":"CVE-2026-56424","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.42","matchCriteriaId":"32F75E39-E0FB-4494-9EE1-52BDCF623A43"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/24d7e91339a3ef043652dd5799c36e5065b2bb4a","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/3aecc04d5816189412b589cf590c6dbe9a8db5c0","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/57ad774d21bd1863d060a9e6e73ae54eb96784ce","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/744005cefdc3b943bd29669c3b34cc66a5fc2154","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]},{"url":"https://github.com/MISP/MISP/commit/ba2f51fe7440ba2c6043ccde858cac1e25f96931","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56425","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T14:17:50.220","lastModified":"2026-06-26T20:33:09.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol.\n\n\nThe application used the PHP session identifier (session_id()) as the OAuth state parameter. Because session identifiers are long-lived authentication credentials, exposing them in OAuth redirect URLs could leak valid session tokens through browser history, HTTP Referer headers, reverse proxies, access logs, or third-party infrastructure involved in the authentication flow. If obtained by an attacker, the leaked session identifier could potentially be used for session hijacking.\n\n\nAdditionally, the implementation did not regenerate the session identifier after successful authentication, leaving authenticated sessions susceptible to session fixation attacks where an attacker forces a victim to use a known session identifier before login and later reuses that identifier after authentication.\n\n\nThe OAuth state value was also not implemented as a dedicated, single-use nonce. This weakened CSRF protections and increased the risk of replay attacks against the OAuth callback process.\n\n\nThe authentication flow further failed to enforce HTTPS for the configured OAuth redirect URI. If a non-HTTPS redirect URI was used, OAuth authorization codes and access tokens could traverse the network in plaintext, exposing sensitive credentials to network attackers.\n\n\nFinally, OAuth error responses containing attacker-controlled GET parameters were logged verbatim. An attacker could inject control characters or crafted log content, leading to log forging, log injection, or corruption of audit records.\n\n\nThe fix introduces:\n\n\n\n  *  \nA dedicated cryptographically random OAuth state value.\n\n\n  *  \nSingle-use state validation and invalidation.\n\n\n  *  \nConstant-time state comparison using hash_equals().\n\n\n  *  \nSession identifier rotation after successful authentication.\n\n\n  *  \nEnforcement of HTTPS-only redirect URIs.\n\n\n  *  \nSanitized and length-limited logging of OAuth error parameters.\n\n\nAAD Authentication Plugin (OAuth 2.0 / Azure Active Directory integration)"}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","repo":"https://github.com/misp/misp","versions":[{"version":"0","lessThanOrEqual":"2.5.41","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:03:59.244241Z","id":"CVE-2026-56425","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.42","matchCriteriaId":"32F75E39-E0FB-4494-9EE1-52BDCF623A43"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/146bc40ad6e10a44f01e8ed62d5f7bc9c06cc4fa","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56446","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T14:17:50.370","lastModified":"2026-06-23T16:17:05.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a web-accessible directory and inject PHP code through logged data. Accessing the resulting file could lead to remote code execution with the privileges of the web server process.\n\nThe fix restricts log destinations to existing directories beneath APP/tmp/logs or /var/log, requires absolute paths, rejects stream wrappers and traversal-related input, and limits filenames to .log or .ndjson extensions while disallowing executable extension segments."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","repo":"https://github.com/MISP/MISP/","versions":[{"version":"0","lessThanOrEqual":"2.5.41","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:46:35.904980Z","id":"CVE-2026-56446","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.42","matchCriteriaId":"32F75E39-E0FB-4494-9EE1-52BDCF623A43"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/9600d486ccfc98388e13897fd954350cebac5fb0","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56447","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T14:17:50.497","lastModified":"2026-06-23T14:16:17.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as plugin.library.paths to load an external library, resulting in arbitrary code execution with the privileges of the MISP process. An attacker could leverage a MISP-writable location, such as an uploaded file or administrative image, to host the malicious configuration file.\n\nThe issue is fixed by restricting the setting to absolute .ini files located only in approved configuration directories outside the webroot and MISP upload targets."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"misp","product":"misp","defaultStatus":"unaffected","repo":"https://github.com/MISP/MISP/","versions":[{"version":"0","lessThanOrEqual":"2.5.41","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:51:35.320257Z","id":"CVE-2026-56447","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.42","matchCriteriaId":"32F75E39-E0FB-4494-9EE1-52BDCF623A43"}]}]}],"references":[{"url":"https://github.com/MISP/MISP/commit/9600d486ccfc98388e13897fd954350cebac5fb0","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56448","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T14:17:50.627","lastModified":"2026-06-22T18:16:50.207","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image, favicon, or screenshot storage directories. This may allow the attacker to download and read arbitrary files that are accessible to the AIL process.\n\nThe issue occurs because user-controlled path components were joined with application storage paths without verifying that the resolved path remained within the expected directory. The affected download functionality could then include the contents of such files in a generated archive."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"ail project","product":"ail framework","defaultStatus":"unaffected","repo":"https://github.com/ail-project/ail-framework","versions":[{"version":"0","lessThanOrEqual":"6.8.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:47:56.194887Z","id":"CVE-2026-56448","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/ail-project/ail-framework/commit/0041456af25da0cdea1c1c4624e46baff2731d8f","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-56450","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-06-22T14:17:50.760","lastModified":"2026-06-22T18:16:50.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable brute-force guessing of a valid code and bypass the intended second authentication factor, resulting in unauthorized account access.\n\n\nThe patch introduces per-user failed-OTP tracking, blocks verification after 30 failed attempts for one hour, clears the counter after a successful OTP verification, and provides administrator recovery actions to purge affected lockouts."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"ail project","product":"ail framework","defaultStatus":"unaffected","repo":"https://github.com/ail-project/ail-framework","versions":[{"version":"0","lessThanOrEqual":"6.8.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:48:34.062796Z","id":"CVE-2026-56450","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/ail-project/ail-framework/commit/d3a394fe68fd5aeee86f3a3c91d4a0350f91e974","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-5139","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-06-22T14:17:50.887","lastModified":"2026-06-23T20:50:51.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab connect}} command handler, which allows any authenticated user to overwrite the global default GitLab instance configuration via the {{/gitlab connect <instance-name>}} slash command.. Mattermost Advisory ID: MMSA-2026-00644"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.0","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.2","versionType":"semver","status":"affected"},{"version":"11.5.0","lessThanOrEqual":"11.5.5","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.17","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.1","status":"unaffected"},{"version":"11.6.3","status":"unaffected"},{"version":"11.5.6","status":"unaffected"},{"version":"10.11.18","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:39:17.436366Z","id":"CVE-2026-5139","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.18","matchCriteriaId":"96DE4802-EC1E-43F1-BA75-6645A6EE12FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.6","matchCriteriaId":"DE6925FD-7708-4A31-A240-087199E4A907"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.3","matchCriteriaId":"1D3AEA32-BA45-409E-BF12-47F253639A6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.1","matchCriteriaId":"5B5CE3FF-EE89-4013-821B-3ED4A48B4352"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6062","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-06-22T14:17:51.003","lastModified":"2026-06-23T20:50:26.453","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT request to the subscription edit endpoint.. Mattermost Advisory ID: MMSA-2026-00650"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.0","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.2","versionType":"semver","status":"affected"},{"version":"11.5.0","lessThanOrEqual":"11.5.5","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.17","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.1","status":"unaffected"},{"version":"11.6.3","status":"unaffected"},{"version":"11.5.6","status":"unaffected"},{"version":"10.11.18","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:41:30.282800Z","id":"CVE-2026-6062","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.18","matchCriteriaId":"96DE4802-EC1E-43F1-BA75-6645A6EE12FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.6","matchCriteriaId":"DE6925FD-7708-4A31-A240-087199E4A907"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.3","matchCriteriaId":"1D3AEA32-BA45-409E-BF12-47F253639A6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.1","matchCriteriaId":"5B5CE3FF-EE89-4013-821B-3ED4A48B4352"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6653","sourceIdentifier":"security@ubuntu.com","published":"2026-06-22T14:17:51.113","lastModified":"2026-06-22T18:16:50.740","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling."}],"affected":[{"source":"security@ubuntu.com","affectedData":[{"vendor":"GNOME","product":"libxml2","defaultStatus":"unaffected","packageName":"libxml2","repo":"https://gitlab.gnome.org/GNOME/libxml2","versions":[{"version":"2.9.11","lessThan":"2.11.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:51:00.508541Z","id":"CVE-2026-6653","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/2141260","source":"security@ubuntu.com"},{"url":"https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-6673","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-06-22T14:17:51.260","lastModified":"2026-06-23T20:49:21.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the pending-install window.. Mattermost Advisory ID: MMSA-2026-00654"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.0","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.2","versionType":"semver","status":"affected"},{"version":"11.5.0","lessThanOrEqual":"11.5.5","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.17","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.1","status":"unaffected"},{"version":"11.6.3","status":"unaffected"},{"version":"11.5.6","status":"unaffected"},{"version":"10.11.18","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:40:53.578692Z","id":"CVE-2026-6673","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.18","matchCriteriaId":"96DE4802-EC1E-43F1-BA75-6645A6EE12FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.6","matchCriteriaId":"DE6925FD-7708-4A31-A240-087199E4A907"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.3","matchCriteriaId":"1D3AEA32-BA45-409E-BF12-47F253639A6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.1","matchCriteriaId":"5B5CE3FF-EE89-4013-821B-3ED4A48B4352"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7165","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-22T14:17:52.697","lastModified":"2026-06-22T19:45:16.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The vulnerability is present in the ‘/addJugador’ endpoint:\n  *  The 'keyJugador' and 'keyJugadorObjectiu'  parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their information.\n\n  *  The ‘punts’ and ‘numObjectiusEliminats’ fields allow arbitrary data to be added because user input is not properly validated. This makes it possible to obtain authentic prizes, awarded by city councils, by falsifying game scores. \n\n  *  In the ‘tokens’ field, administrative privileges can be self-assigned without server validation or prior authentication. This vulnerability could allow an authenticated attacker to grant themselves administrator permissions and thus escalate privileges.\n\n  *  Numeric fields allow the entry of extremely long values, which can cause the system to crash. Successful exploitation of this vulnerability could allow an authenticated attacker to launch a denial-of-service (DoS) attack, preventing created games from being playable.\n\n  *  The ‘urlImatge’ parameter allows server-side requests to arbitrary URLs, enabling the retrieval of users’ internal IP addresses, access to internal services, reading of local files, and unauthorized interaction with third-party APIs. An authenticated attacker could gain access to sensitive data."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Gaudire","product":"Assassin game","defaultStatus":"unaffected","versions":[{"version":"last version","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:45:14.077122Z","id":"CVE-2026-7165","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-7166","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-22T14:17:52.860","lastModified":"2026-06-22T19:45:16.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Gaudire","product":"Assassin game","defaultStatus":"unaffected","versions":[{"version":"last version","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:45:56.502812Z","id":"CVE-2026-7166","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-7167","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-06-22T14:17:52.990","lastModified":"2026-06-22T19:45:16.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system."}],"affected":[{"source":"cve-coordination@incibe.es","affectedData":[{"vendor":"Gaudire","product":"Assassin game","defaultStatus":"unaffected","versions":[{"version":"last version","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:46:25.900245Z","id":"CVE-2026-7167","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-8074","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-06-22T14:17:53.733","lastModified":"2026-06-23T20:48:34.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/{id}/active API endpoint.. Mattermost Advisory ID: MMSA-2026-00667"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.0","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.17","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.1","status":"unaffected"},{"version":"10.11.18","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:40:23.411921Z","id":"CVE-2026-8074","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.18","matchCriteriaId":"96DE4802-EC1E-43F1-BA75-6645A6EE12FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.1","matchCriteriaId":"5B5CE3FF-EE89-4013-821B-3ED4A48B4352"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9162","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-06-22T14:17:55.910","lastModified":"2026-06-23T20:47:36.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continue receiving real-time events until the cached session expires or the client reconnects.. Mattermost Advisory ID: MMSA-2026-00664"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.0","versionType":"semver","status":"affected"},{"version":"11.6.0","lessThanOrEqual":"11.6.2","versionType":"semver","status":"affected"},{"version":"11.5.0","lessThanOrEqual":"11.5.5","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.17","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.1","status":"unaffected"},{"version":"11.6.3","status":"unaffected"},{"version":"11.5.6","status":"unaffected"},{"version":"10.11.18","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:39:54.095237Z","id":"CVE-2026-9162","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.18","matchCriteriaId":"96DE4802-EC1E-43F1-BA75-6645A6EE12FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.5.0","versionEndExcluding":"11.5.6","matchCriteriaId":"DE6925FD-7708-4A31-A240-087199E4A907"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.0","versionEndExcluding":"11.6.3","matchCriteriaId":"1D3AEA32-BA45-409E-BF12-47F253639A6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.1","matchCriteriaId":"5B5CE3FF-EE89-4013-821B-3ED4A48B4352"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-51454","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:31.973","lastModified":"2026-06-26T20:05:47.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Engineering Workflow Management","cpes":["cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:interim_fix_035:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:interim_fix_017:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1:interim_fix_004:*:*:*:*:*:*","cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:interim_fix_004:*:*:*:*:*:*"],"versions":[{"version":"7.0.2","lessThanOrEqual":"7.0.2 Interim Fix 035","versionType":"semver","status":"affected"},{"version":"7.0.3","lessThanOrEqual":"7.0.3 Interim Fix 017","versionType":"semver","status":"affected"},{"version":"7.1","lessThanOrEqual":"7.1 Interim Fix 004","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:49:50.448618Z","id":"CVE-2024-51454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-644"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9E5C3FDC-DD05-423A-8A14-8372C9741D9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:-:*:*:*:*:*:*","matchCriteriaId":"FBC6ACB3-087D-41BF-A8B0-1185DEDF059B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix001:*:*:*:*:*:*","matchCriteriaId":"60AD1C14-4A81-42A5-B049-186A5FD6B0E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix002:*:*:*:*:*:*","matchCriteriaId":"19BFFADF-33A7-4CB9-AA0D-FA8438A75BB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix003:*:*:*:*:*:*","matchCriteriaId":"A9CE2E11-574B-4230-9A90-8EEC63FB19E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix004:*:*:*:*:*:*","matchCriteriaId":"0633AA0F-0038-4309-835F-C0FE13355AEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix005:*:*:*:*:*:*","matchCriteriaId":"CD7C9AA9-1B20-48EE-9893-2DA65DE54B43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix006:*:*:*:*:*:*","matchCriteriaId":"41D868E8-FC5B-48E3-9533-D6C2C6E35CAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix007:*:*:*:*:*:*","matchCriteriaId":"7F062124-3C26-466A-AA4D-DEA5FC60D76B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix008a:*:*:*:*:*:*","matchCriteriaId":"838FD9C0-4443-4022-9ECA-E67527830BE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix009:*:*:*:*:*:*","matchCriteriaId":"2DDBB627-B40B-4747-9475-97AD329015CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix010:*:*:*:*:*:*","matchCriteriaId":"88E6C0BA-DA91-4285-9B19-90526E1AB071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix011:*:*:*:*:*:*","matchCriteriaId":"6728BEF5-A3E7-48F5-891C-29669FEA4688"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix012:*:*:*:*:*:*","matchCriteriaId":"2037F933-DCB2-4B38-8922-FBBBA3470EAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix013:*:*:*:*:*:*","matchCriteriaId":"A87E9DC5-9B99-4534-A8ED-F219762AD051"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix014:*:*:*:*:*:*","matchCriteriaId":"C7C44644-8F15-486D-B9FD-3DFFB0968CAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix016:*:*:*:*:*:*","matchCriteriaId":"FF9CCC66-6139-4AE6-A41C-03F447D14D92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix017:*:*:*:*:*:*","matchCriteriaId":"895820F8-2C04-4550-8720-391262EA3E07"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix018:*:*:*:*:*:*","matchCriteriaId":"B75476C5-BF91-42EB-AA43-264089359DA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix020a:*:*:*:*:*:*","matchCriteriaId":"71B928DB-84D7-4016-B615-984E29B80DEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix021:*:*:*:*:*:*","matchCriteriaId":"EF64830D-AEDA-494D-AEDC-1639BBB8652A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix022:*:*:*:*:*:*","matchCriteriaId":"AE8EAE48-2A3B-4FEC-98CA-6F9DA87B0663"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix023:*:*:*:*:*:*","matchCriteriaId":"DE4BC0A1-A410-4ABE-A293-FA59F107F329"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix024:*:*:*:*:*:*","matchCriteriaId":"19AC2F20-52F8-45AF-996B-C6B2D62DD84D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix025:*:*:*:*:*:*","matchCriteriaId":"377E4E94-5924-4300-BF83-EA90DAE79C79"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix026a:*:*:*:*:*:*","matchCriteriaId":"C3A716A3-289B-41EA-BD68-4DC54469E9A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix027:*:*:*:*:*:*","matchCriteriaId":"50854F7F-ACE0-4A9E-A395-2C28749D91BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix028:*:*:*:*:*:*","matchCriteriaId":"5B3FAAEA-63BD-4F47-8125-D781CDB5A652"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix029:*:*:*:*:*:*","matchCriteriaId":"5EF1ECB7-6AFD-4EA5-8363-B55B9F6CFEC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix030:*:*:*:*:*:*","matchCriteriaId":"26261373-AE06-40A1-9D6F-A2ED4900D19F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix031:*:*:*:*:*:*","matchCriteriaId":"E546178A-3EC0-4E15-AC13-7C9D81EC66A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix032:*:*:*:*:*:*","matchCriteriaId":"6BB764B5-79FD-4AB7-B570-0F39F3302EAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix033:*:*:*:*:*:*","matchCriteriaId":"CF791B04-637B-43D6-A9BF-5933821B67CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix034:*:*:*:*:*:*","matchCriteriaId":"99390BD9-19D7-4E08-BDAF-554DC91890E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:ifix035:*:*:*:*:*:*","matchCriteriaId":"41580B59-C1D6-4F78-974A-90ECD3F66354"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:-:*:*:*:*:*:*","matchCriteriaId":"3CB2A4A5-05AB-4591-BC17-508B6CC52D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix001:*:*:*:*:*:*","matchCriteriaId":"AC3523E9-2176-4F06-89DE-B9E39A8B5DFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix002:*:*:*:*:*:*","matchCriteriaId":"2856B724-9102-453D-92D9-D6960D723EEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix003:*:*:*:*:*:*","matchCriteriaId":"9F016ABC-BE79-4979-9A80-777F0D02615F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix004:*:*:*:*:*:*","matchCriteriaId":"B9FC1B96-18D3-4E17-A9F1-B020F0D72590"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix005:*:*:*:*:*:*","matchCriteriaId":"936271E0-3CF6-43CE-81D2-C7B0BEB7BBE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix006:*:*:*:*:*:*","matchCriteriaId":"D34862FD-AE18-46FE-B4E6-AC639120774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix007:*:*:*:*:*:*","matchCriteriaId":"3C3C127B-9AF2-4B7A-ACEE-9A2875CBAE99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix008:*:*:*:*:*:*","matchCriteriaId":"181B8EF5-E34B-41EF-AE2D-3C202D4C88EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix009:*:*:*:*:*:*","matchCriteriaId":"5C8113D3-4934-4551-84BD-FC0A6489F82C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix010:*:*:*:*:*:*","matchCriteriaId":"8BE8D6E5-C897-4C58-BE03-C26B4D3C6494"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix011:*:*:*:*:*:*","matchCriteriaId":"BF1CFB7F-F8EB-4D71-8765-07CE49D31189"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix012:*:*:*:*:*:*","matchCriteriaId":"38A55F98-2982-43E1-AE01-37B423C9B481"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix013:*:*:*:*:*:*","matchCriteriaId":"174815C1-90FD-4947-9EB7-9BF713DCD3D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix014:*:*:*:*:*:*","matchCriteriaId":"FA3149F4-EF4C-46F6-8DAF-C9217CF16F59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix015:*:*:*:*:*:*","matchCriteriaId":"3C23BE8B-1492-40F2-A218-CF85A754D4FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix016:*:*:*:*:*:*","matchCriteriaId":"11CFA2C9-C485-4780-A04C-FA39E7E7A3AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:ifix017:*:*:*:*:*:*","matchCriteriaId":"05C3B457-57A8-4DA9-A95E-5D198974A0B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:-:*:*:*:*:*:*","matchCriteriaId":"7FAE09FF-371A-4B02-A837-40149E773AE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix001:*:*:*:*:*:*","matchCriteriaId":"E153E7C3-A2A5-4757-9684-3DCBCE05B9F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix002:*:*:*:*:*:*","matchCriteriaId":"0B0984C6-0E92-4493-B0A2-40BC0888F2FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix003:*:*:*:*:*:*","matchCriteriaId":"F62B6927-F717-499A-8EC3-900AC06A3DF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix004:*:*:*:*:*:*","matchCriteriaId":"0883E0E8-8E67-44B8-B0D8-E6D55306B319"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:engineering_workflow_management:7.1.0:ifix007:*:*:*:*:*:*","matchCriteriaId":"E4C0BF7F-D922-49C3-B62C-F904EB1DBCA6"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276371","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10845","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:32.690","lastModified":"2026-06-23T20:36:49.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"WebSphere Application Server","cpes":["cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"8.5.0","lessThanOrEqual":"7.0.2 Interim Fix 035","versionType":"semver","status":"affected"},{"version":"9.0.0","lessThanOrEqual":"7.0.3 Interim Fix 017","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:05:58.974560Z","id":"CVE-2026-10845","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0.0","versionEndExcluding":"8.5.5.30","matchCriteriaId":"271A774E-CAB3-4A5F-8450-EADBBA7D8AF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0.0","versionEndExcluding":"9.0.5.29","matchCriteriaId":"BA0DBCF1-7255-420A-B0A4-04C90BAE14F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*","matchCriteriaId":"C684FC45-C9BA-4EF0-BD06-BB289450DD21"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*","matchCriteriaId":"0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276597","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11942","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-22T16:16:33.423","lastModified":"2026-06-22T18:16:31.580","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Akaunting","product":"Akaunting","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/akaunting/akaunting","versions":[{"version":"3.1.21","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:26:46.963297Z","id":"CVE-2026-11942","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/human","source":"help@fluidattacks.com"},{"url":"https://github.com/akaunting/akaunting","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/human","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-11943","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-22T16:16:33.560","lastModified":"2026-06-22T18:16:31.690","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Akaunting","product":"Akaunting","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/akaunting/akaunting","versions":[{"version":"3.1.21","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:28:03.165408Z","id":"CVE-2026-11943","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/thunder","source":"help@fluidattacks.com"},{"url":"https://github.com/akaunting/akaunting","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/thunder","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12479","sourceIdentifier":"security@huntr.dev","published":"2026-06-22T16:16:33.953","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths without sanitizing for parent directory components (`..`). While forward slashes (`/`) are restricted in layer names, directory traversal sequences are not. This allows an attacker to craft a malicious Keras model that, when saved or loaded, can escape the intended temporary working directory and perform unauthorized file system operations, such as creating directories or writing files in arbitrary locations."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"keras-team","product":"keras-team/keras","versions":[{"version":"unspecified","lessThanOrEqual":"latest","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:29:31.140873Z","id":"CVE-2026-12479","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12628","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:34.230","lastModified":"2026-06-26T20:01:20.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Storage Protect Client","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:storage_protect_client:8.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_protect_client:8.2.1.0:*:*:*:*:*:*:*"],"versions":[{"version":"8.1.0.0","lessThanOrEqual":"8.2.1.0","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Storage Protect Snapshot For Windows","defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.2.1.0:*:*:*:*:*:*:*"],"versions":[{"version":"8.1.0.0","lessThanOrEqual":"8.2.1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T03:55:26.275060Z","id":"CVE-2026-12628","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:storage_protect:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0","versionEndExcluding":"8.2.1.1","matchCriteriaId":"FDE6B669-C258-4558-A947-6B3B1B785383"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7277245","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49241","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T16:16:36.310","lastModified":"2026-06-26T03:47:27.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations (.vscode/settings.json) without verifying VS Code Workspace Trust state or asking for user consent (located in client/src/client.ts). The client-side extension then passes the parsed settings path as a command-line argument (--tsdk) to the background Node.js language server process. During server initialization, the background language server resolves and dynamically imports (via standard Node.js require()) the module library tsserverlibrary.js relative to the workspace-specified custom directory path. An attacker can exploit this behavior by committing a repository containing a local malicious tsserverlibrary.js script inside a custom folder, and a crafted .vscode/settings.json file pointing to that folder. When a developer opens the repository folder in VS Code, the extension automatically attempts to initialize and load the server, which dynamically resolves, loads, and executes the malicious script silently in the background. This vulnerability is fixed in 21.2.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"angular","product":"angular","versions":[{"version":"< 21.2.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:42:16.744796Z","id":"CVE-2026-49241","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-427"},{"lang":"en","value":"CWE-494"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_language_service:*:*:*:*:*:visual_studio_code:*:*","versionEndExcluding":"21.2.4","matchCriteriaId":"1181F8E6-DA41-4995-BC95-2260526195FD"}]}]}],"references":[{"url":"https://github.com/angular/angular/pull/68857","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/angular/angular/pull/68886","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/angular/angular/security/advisories/GHSA-ccq4-xmxr-8hcq","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50178","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T16:16:37.797","lastModified":"2026-06-26T02:57:57.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option (located in client/src/client.ts). This setting instructs VS Code to trust all rendered content it receives, which enables active elements such as command: URIs. However, the background Angular Language Server process fails to escape or sanitize brackets, raw links, and control characters from JSDoc strings before forwarding the hover Markdown content (located in server/src/handlers/hover.ts and server/src/text_render.ts). An attacker can leverage this behavior by crafting a project TypeScript or JavaScript file (or a third-party npm package dependency) containing a malicious JSDoc tooltip with an embedded active command link. When a developer hovers over the target symbol to render the tooltip and clicks the malicious link, the IDE executes the command sequence directly on the developer's host machine. Prior to 21.2.4,  This vulnerability is fixed in 21.2.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"angular","product":"angular","versions":[{"version":"< 21.2.4","status":"affected"}]},{"vendor":"angular","product":"Angular.ng-template","versions":[{"version":"< 21.2.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:04:42.457578Z","id":"CVE-2026-50178","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:angular:angular_language_service:*:*:*:*:*:visual_studio_code:*:*","versionEndExcluding":"21.2.4","matchCriteriaId":"1181F8E6-DA41-4995-BC95-2260526195FD"}]}]}],"references":[{"url":"https://github.com/angular/angular/security/advisories/GHSA-q94j-3wj3-4xcm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53655","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T16:16:38.593","lastModified":"2026-06-26T20:03:47.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including intermediary metadata headers such as a GNU long-name (L) or long-link (K) entry. Per POSIX pax, a PAX extended header (x) describes the next file entry, not the intermediary extension headers that may sit between the x header and the file it annotates. Because node-tar lets the PAX size override the byte length of an intervening L/K/x header, an attacker can desynchronize node-tar's stream cursor relative to every other mainstream tar implementation (GNU tar, libarchive/bsdtar, Python tarfile, and the now-fixed tar-rs / astral-tokio-tar). The result is a tar parser interpretation differential (CWE-436): a single crafted archive yields a different set of members under node-tar than under the reference tar tools. An attacker can use this to hide a member from one parser while it is visible to another, which defeats security tooling whose scanner and extractor disagree on archive contents (e.g. a malware/secret scanner that lists entries with one library while a downstream step extracts with another) This vulnerability is fixed in 7.5.16."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"isaacs","product":"node-tar","versions":[{"version":"< 7.5.16","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:15:18.405283Z","id":"CVE-2026-53655","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isaacs:tar:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.5.16","matchCriteriaId":"ED10D25A-3224-4162-8176-25896AB77D3E"}]}]}],"references":[{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-vmf3-w455-68vh","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/isaacs/node-tar/security/advisories/GHSA-vmf3-w455-68vh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56104","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T16:16:40.227","lastModified":"2026-06-23T16:17:03.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the restore_existing_session path to assume a victim's permissions and roles, enabling unauthorized invocation of tools and access to data restricted to the authenticated victim."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Chainlit","product":"chainlit","defaultStatus":"affected","repo":"https://github.com/Chainlit/chainlit","versions":[{"version":"0","lessThan":"2.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:06:42.802313Z","id":"CVE-2026-56104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Chainlit/chainlit/commit/5effb664f1e0af4a4f0a42fe63ea979676039a7f","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Chainlit/chainlit/pull/2857","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Chainlit/chainlit/releases/tag/2.10.1","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/chainlit-session-hijacking-via-websocket-session-restoration","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-7664","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:41.880","lastModified":"2026-06-26T21:29:37.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Langflow OSS","cpes":["cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:langflow_oss:1.8.4:*:*:*:*:*:*:*"],"versions":[{"version":"1.0.0","lessThanOrEqual":"1.8.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T03:55:59.093462Z","id":"CVE-2026-7664","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.8.4","matchCriteriaId":"35B394DD-448F-48FB-9B71-B478A6F2D632"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7277243","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8059","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:41.997","lastModified":"2026-06-26T21:27:42.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Datacap","cpes":["cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"],"versions":[{"version":"9.1.7","lessThanOrEqual":"1.8.4","versionType":"semver","status":"affected"},{"version":"9.1.8","status":"affected"},{"version":"9.1.9","status":"affected"}]},{"vendor":"IBM","product":"Datacap Navigator","cpes":["cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*"],"versions":[{"version":"9.1.7","lessThanOrEqual":"8.2.1.0","versionType":"semver","status":"affected"},{"version":"9.1.8","status":"affected"},{"version":"9.1.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:47:24.755169Z","id":"CVE-2026-8059","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*","matchCriteriaId":"A4854F9C-EB1F-4277-B07F-9599DA1995DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*","matchCriteriaId":"5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*","matchCriteriaId":"AA9CD5BF-61E6-4A91-A0BF-1031F673701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*","matchCriteriaId":"26A76CB2-197B-4FA9-A6E8-9BE6624DFC5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*","matchCriteriaId":"69E3630C-FFC5-4421-A739-3AE9C20E8044"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*","matchCriteriaId":"E31E8529-51AA-4BC8-A905-3BCBD9DACDA1"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276609","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8636","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:42.233","lastModified":"2026-06-26T21:20:52.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Datacap","cpes":["cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"],"versions":[{"version":"9.1.7","lessThanOrEqual":"1.8.4","versionType":"semver","status":"affected"},{"version":"9.1.8","status":"affected"},{"version":"9.1.9","status":"affected"}]},{"vendor":"IBM","product":"Datacap Navigator","cpes":["cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*"],"versions":[{"version":"9.1.7","lessThanOrEqual":"8.2.1.0","versionType":"semver","status":"affected"},{"version":"9.1.8","status":"affected"},{"version":"9.1.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:07:01.577649Z","id":"CVE-2026-8636","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-316"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*","matchCriteriaId":"A4854F9C-EB1F-4277-B07F-9599DA1995DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*","matchCriteriaId":"5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*","matchCriteriaId":"AA9CD5BF-61E6-4A91-A0BF-1031F673701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*","matchCriteriaId":"26A76CB2-197B-4FA9-A6E8-9BE6624DFC5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*","matchCriteriaId":"69E3630C-FFC5-4421-A739-3AE9C20E8044"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*","matchCriteriaId":"E31E8529-51AA-4BC8-A905-3BCBD9DACDA1"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276609","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8646","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:42.360","lastModified":"2026-06-24T05:17:30.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"WebSphere Application Server","cpes":["cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"],"versions":[{"version":"9.0.0","lessThanOrEqual":"7.0.2 Interim Fix 035","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"7.0.3 Interim Fix 017","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"WebSphere Application Server - Liberty","cpes":["cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"],"versions":[{"version":"17.0.0.3","lessThanOrEqual":"26.0.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-8646","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0.0","versionEndExcluding":"8.5.5.30","matchCriteriaId":"271A774E-CAB3-4A5F-8450-EADBBA7D8AF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0.0","versionEndExcluding":"9.0.5.29","matchCriteriaId":"BA0DBCF1-7255-420A-B0A4-04C90BAE14F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*","versionStartIncluding":"17.0.0.3","versionEndExcluding":"26.0.0.7","matchCriteriaId":"6CA8B7A4-4481-42AB-B185-4CD8AEDA4BCA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*","matchCriteriaId":"C684FC45-C9BA-4EF0-BD06-BB289450DD21"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*","matchCriteriaId":"0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276579","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8823","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-06-22T16:16:42.853","lastModified":"2026-06-26T16:39:58.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669"}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost","defaultStatus":"unaffected","versions":[{"version":"11.7.0","lessThanOrEqual":"11.7.0","versionType":"semver","status":"affected"},{"version":"10.11.0","lessThanOrEqual":"10.11.17","versionType":"semver","status":"affected"},{"version":"11.8.0","status":"unaffected"},{"version":"11.7.1","status":"unaffected"},{"version":"10.11.18","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:12:21.701325Z","id":"CVE-2026-8823","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.18","matchCriteriaId":"96DE4802-EC1E-43F1-BA75-6645A6EE12FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.7.0","versionEndExcluding":"11.7.1","matchCriteriaId":"5B5CE3FF-EE89-4013-821B-3ED4A48B4352"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8934","sourceIdentifier":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","published":"2026-06-22T16:16:43.097","lastModified":"2026-06-22T20:18:53.300","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request.\n\nThis vulnerability was patched on 7 April 2026, and no customer action is needed."}],"affected":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","affectedData":[{"vendor":"Google Cloud","product":"Cloud Console UIs","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2026-04-07","versionType":"date","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"CLEAR"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:28:53.118692Z","id":"CVE-2026-8934","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://docs.cloud.google.com/support/bulletins#gcp-2026-038","source":"f45cbf4e-4146-4068-b7e1-655ffc2c548c"}]}},{"cve":{"id":"CVE-2026-9006","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:43.233","lastModified":"2026-06-24T05:17:30.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"WebSphere Application Server","cpes":["cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"],"versions":[{"version":"9.0","lessThanOrEqual":"7.0.2 Interim Fix 035","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"7.0.3 Interim Fix 017","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-9006","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0.0","versionEndExcluding":"8.5.5.30","matchCriteriaId":"271A774E-CAB3-4A5F-8450-EADBBA7D8AF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0.0","versionEndExcluding":"9.0.5.29","matchCriteriaId":"BA0DBCF1-7255-420A-B0A4-04C90BAE14F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*","matchCriteriaId":"C684FC45-C9BA-4EF0-BD06-BB289450DD21"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*","matchCriteriaId":"0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276600","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9071","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:43.357","lastModified":"2026-06-23T20:46:35.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"WebSphere Application Server","cpes":["cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"],"versions":[{"version":"9.0.0","lessThanOrEqual":"7.0.2 Interim Fix 035","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"7.0.3 Interim Fix 017","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"WebSphere Application Server - Liberty","cpes":["cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"],"versions":[{"version":"17.0.0.3","lessThanOrEqual":"26.0.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:37:50.583050Z","id":"CVE-2026-9071","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0.0","versionEndExcluding":"8.5.5.30","matchCriteriaId":"271A774E-CAB3-4A5F-8450-EADBBA7D8AF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0.0","versionEndExcluding":"9.0.5.29","matchCriteriaId":"BA0DBCF1-7255-420A-B0A4-04C90BAE14F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*","versionStartIncluding":"17.0.0.3","versionEndExcluding":"26.0.0.7","matchCriteriaId":"6CA8B7A4-4481-42AB-B185-4CD8AEDA4BCA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*","matchCriteriaId":"C684FC45-C9BA-4EF0-BD06-BB289450DD21"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*","matchCriteriaId":"0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276579","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9320","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:43.623","lastModified":"2026-06-23T20:46:51.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"WebSphere Application Server","cpes":["cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"],"versions":[{"version":"9.0.0","lessThanOrEqual":"7.0.2 Interim Fix 035","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"7.0.3 Interim Fix 017","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"WebSphere Application Server - Liberty","cpes":["cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:*"],"versions":[{"version":"17.0.0.3","lessThanOrEqual":"26.0.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:05:05.534855Z","id":"CVE-2026-9320","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0.0","versionEndExcluding":"8.5.5.30","matchCriteriaId":"271A774E-CAB3-4A5F-8450-EADBBA7D8AF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0.0","versionEndExcluding":"9.0.5.29","matchCriteriaId":"BA0DBCF1-7255-420A-B0A4-04C90BAE14F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*","versionStartIncluding":"17.0.0.3","versionEndExcluding":"26.0.0.7","matchCriteriaId":"6CA8B7A4-4481-42AB-B185-4CD8AEDA4BCA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*","matchCriteriaId":"C684FC45-C9BA-4EF0-BD06-BB289450DD21"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*","matchCriteriaId":"0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276579","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9610","sourceIdentifier":"psirt@us.ibm.com","published":"2026-06-22T16:16:43.770","lastModified":"2026-06-26T21:19:13.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls."}],"affected":[{"source":"psirt@us.ibm.com","affectedData":[{"vendor":"IBM","product":"Datacap","cpes":["cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"],"versions":[{"version":"9.1.7","lessThanOrEqual":"1.8.4","versionType":"semver","status":"affected"},{"version":"9.1.8","versionType":"semver","status":"affected"},{"version":"9.1.9","versionType":"semver","status":"affected"}]},{"vendor":"IBM","product":"Datacap Navigator","cpes":["cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*"],"versions":[{"version":"9.1.7","lessThanOrEqual":"8.2.1.0","versionType":"semver","status":"affected"},{"version":"9.1.8","status":"affected"},{"version":"9.1.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:57:54.703425Z","id":"CVE-2026-9610","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-425"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*","matchCriteriaId":"A4854F9C-EB1F-4277-B07F-9599DA1995DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*","matchCriteriaId":"5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*","matchCriteriaId":"AA9CD5BF-61E6-4A91-A0BF-1031F673701A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*","matchCriteriaId":"26A76CB2-197B-4FA9-A6E8-9BE6624DFC5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*","matchCriteriaId":"69E3630C-FFC5-4421-A739-3AE9C20E8044"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*","matchCriteriaId":"E31E8529-51AA-4BC8-A905-3BCBD9DACDA1"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7276609","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10789","sourceIdentifier":"psirt@autodesk.com","published":"2026-06-22T18:16:30.620","lastModified":"2026-06-24T15:30:29.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user."}],"affected":[{"source":"psirt@autodesk.com","affectedData":[{"vendor":"Autodesk","product":"Fusion","defaultStatus":"unaffected","cpes":["cpe:2.3:a:autodesk:fusion:2703.1.11:*:*:*:*:*:*:*"],"versions":[{"version":"2703.1.11","lessThan":"2703.1.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@autodesk.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-10789","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@autodesk.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*","versionEndExcluding":"2703.1.20","matchCriteriaId":"3FB8F36C-E497-438D-AF08-4EDCBD27BB4D"}]}]}],"references":[{"url":"https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg","source":"psirt@autodesk.com","tags":["Product"]},{"url":"https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe","source":"psirt@autodesk.com","tags":["Product"]},{"url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008","source":"psirt@autodesk.com","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-11825","sourceIdentifier":"security@wordfence.com","published":"2026-06-22T18:16:31.503","lastModified":"2026-06-22T18:16:31.503","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-11994","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-22T18:16:31.797","lastModified":"2026-06-22T19:16:39.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Akaunting","product":"Akaunting","defaultStatus":"unaffected","platforms":["Windows","Linux","MacOS"],"repo":"https://github.com/akaunting/akaunting","versions":[{"version":"3.1.21","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:26:19.439425Z","id":"CVE-2026-11994","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/believer","source":"help@fluidattacks.com"},{"url":"https://github.com/akaunting/akaunting","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/believer","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12249","sourceIdentifier":"security@ubuntu.com","published":"2026-06-22T18:16:31.917","lastModified":"2026-06-22T20:18:53.300","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py), ADSys utilizes a plaintext HTTP connection (http://) instead of a secure HTTPS connection (https://) to request the CA certificate from the Active Directory Certificate Services server (GetCACert). An unauthenticated network attacker positioned between the managed Ubuntu host and the configured AD CS CA hostname can conduct a Man-in-the-Middle (MITM) attack. By intercepting the plaintext HTTP request, the attacker can supply an arbitrary, attacker-controlled Root CA certificate. Because the system automatically accepts this certificate and registers it into the local system trust store via update-ca-certificates, this results in system-wide trust store poisoning. Consequently, TLS clients utilizing the operating system trust store on the affected machine will accept rogue certificates for arbitrary domains, enabling persistent decryption and interception of subsequent TLS connections. This issue is resolved in version v0.16.3."}],"affected":[{"source":"security@ubuntu.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://github.com/ubuntu","packageName":"adsys","repo":"https://github.com/ubuntu/adsys","versions":[{"version":"0.13.0","lessThan":"0.16.3","versionType":"semver","status":"affected"}]},{"vendor":"Canonical","product":"Ubuntu 20.04 LTS","defaultStatus":"unaffected","collectionURL":"https://launchpad.net/ubuntu/focal","packageName":"adsys","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/adsys","versions":[{"version":"0.9.2~20.04.2ubuntu0.1+esm2","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 22.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/jammy","packageName":"adsys","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/adsys","versions":[{"version":"0.16.3~22.04.2ubuntu0.22.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 24.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/noble","packageName":"adsys","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/adsys","versions":[{"version":"0.16.3~24.04.2ubuntu0.24.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 25.10","defaultStatus":"unaffected","collectionURL":"https://launchpad.net/ubuntu/questing","packageName":"adsys","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/adsys","versions":[{"version":"0.16.3","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 26.04 LTS","defaultStatus":"unaffected","collectionURL":"https://launchpad.net/ubuntu/resolute","packageName":"adsys","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/adsys","versions":[{"version":"0.16.4ubuntu1","versionType":"dpkg","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:I/V:D/RE:L/U:Red","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"IRRECOVERABLE","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:30:38.451893Z","id":"CVE-2026-12249","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-348"}]}],"references":[{"url":"https://github.com/ubuntu/adsys/commit/8b1939f96d3827b4426eb06c1ced5bf317b0a99d","source":"security@ubuntu.com"},{"url":"https://ubuntu.com/security/CVE-2026-12249","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-48712","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:39.640","lastModified":"2026-06-26T20:04:06.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject() conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause the JavaScript call stack to be exhausted during conversion to JSON. This vulnerability is fixed in 7.6.1 and 8.4.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"protobufjs","product":"protobuf.js","versions":[{"version":"< 7.6.1","status":"affected"},{"version":">= 8.0.0, < 8.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:50:28.096514Z","id":"CVE-2026-48712","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.6.1","matchCriteriaId":"FD633050-4245-4F93-9387-192E1666148F"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.4.1","matchCriteriaId":"1BB402DF-D02B-4CBF-9A42-120155139E34"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-wcpc-wj8m-hjx6","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49356","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:41.107","lastModified":"2026-06-26T20:04:23.897","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is running Babel, if the attacker controls the input source code, can read the output source code, and knows the path of the source map file that they want to read. This vulnerability is fixed in 8.0.0-rc.6 and 7.29.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"babel","product":"babel","versions":[{"version":">= 8.0.0-alpha.0, < 8.0.0-rc.5","status":"affected"},{"version":"< 7.29.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":3.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":3.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:22:57.466209Z","id":"CVE-2026-49356","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.29.6","matchCriteriaId":"7CA3CCF0-1BB3-421B-A45D-8D3846B977B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha0:*:*:*:*:*:*","matchCriteriaId":"35F6AF6B-8CB6-40BB-B0AE-32E89718ED8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"DAFA4C96-CD2A-47A5-BA4E-134BA1D366B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha10:*:*:*:*:*:*","matchCriteriaId":"BAC310EC-C0CF-4D27-BA54-20B3207B4118"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha11:*:*:*:*:*:*","matchCriteriaId":"80E37BB6-34C2-437B-A9DC-018B23F5E7BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha12:*:*:*:*:*:*","matchCriteriaId":"B74C4261-EB8F-448D-AF41-CB82246C3EB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha13:*:*:*:*:*:*","matchCriteriaId":"BF7E80E5-B02B-481A-B928-748F4ED680BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha14:*:*:*:*:*:*","matchCriteriaId":"ED674570-F784-4DE5-9F47-5692AB00BC14"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha15:*:*:*:*:*:*","matchCriteriaId":"9E6B4629-E2BA-4ED2-AF0D-ADE873EE9727"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha16:*:*:*:*:*:*","matchCriteriaId":"207845B9-8380-4ED7-9AE8-F0C872BBCB7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha17:*:*:*:*:*:*","matchCriteriaId":"2CEDA1E8-20C6-448F-8272-D19318FE8033"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"BD426CF6-E4B7-4F65-9968-A485F745E377"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"92CE9983-D67E-4DE6-B9EE-CCE55DF615E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"66E5DE6B-CD6D-4687-AB1C-90B294DE8DCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha5:*:*:*:*:*:*","matchCriteriaId":"5E3BD45A-177D-4006-8820-EEABE6EF03FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha6:*:*:*:*:*:*","matchCriteriaId":"D9323EF4-77AA-410A-A2F7-D905C6175A64"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha7:*:*:*:*:*:*","matchCriteriaId":"67E62B17-72F2-464F-AB14-E7A9F744AC01"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha8:*:*:*:*:*:*","matchCriteriaId":"BDC6F0F5-3141-41CD-B8D0-13AE9FF4FFEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:alpha9:*:*:*:*:*:*","matchCriteriaId":"FC459C4A-04F3-4521-A7EA-A03A118AA4F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:beta0:*:*:*:*:*:*","matchCriteriaId":"35A391E9-F191-47D1-9261-BDDDFF99DB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"2A97F9D1-C700-419B-83AE-0FC781AA74EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"DEA9CFE5-8A05-4C9C-B2C2-E52FDE8748AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"BAA9BB4D-E826-4784-A336-E0C55B062D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"C9915F12-E44D-4345-9597-371FC707E89D"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"00B61EF2-BE57-4DBA-87FA-A73B7BA6C109"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"E405A097-645D-4653-97AD-90F3D0A3F2BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:rc3:*:*:*:*:*:*","matchCriteriaId":"E5FFF6F2-3D4A-4E68-A93D-A03F106C0095"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:rc4:*:*:*:*:*:*","matchCriteriaId":"95EB7702-7577-4926-8EC8-61C02EE3B95D"},{"vulnerable":true,"criteria":"cpe:2.3:a:babel:babel:8.0.0:rc5:*:*:*:*:*:*","matchCriteriaId":"7C0D1707-31BA-4EAF-9B23-9AFB26704BBF"}]}]}],"references":[{"url":"https://github.com/babel/babel/security/advisories/GHSA-4x5r-pxfx-6jf8","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50269","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:42.920","lastModified":"2026-06-26T19:39:57.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.append(headers=...) or Payload.headers, then an attacker may be able to modify the request to inject headers or change the contents of the request. This vulnerability is fixed in 3.14.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.14.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:22:25.141712Z","id":"CVE-2026-50269","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"},{"lang":"en","value":"CWE-113"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.0","matchCriteriaId":"CB79CC3D-A03D-42FA-B124-4E63FC9F0A5B"}]}]}],"references":[{"url":"https://github.com/aio-libs/aiohttp/commit/bf88077ebb14f4c29924b8e8904cba20c55c28b8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m6qw-4cw2-hm4m","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53537","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:44.077","lastModified":"2026-06-26T19:54:37.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax (filename*=charset'lang'value, name*=..., and the filename*0/filename*1 continuation form) is decoded and surfaced under the bare filename/name key, and overrides the plain parameter when both are present. RFC 7578 §4.2 explicitly forbids the filename* form in multipart/form-data. Components that follow RFC 7578, or that do not implement RFC 2231/5987 decoding for multipart/form-data (WAFs, proxies, gateways), may interpret such a header differently. An attacker can exploit that difference to smuggle a different field name or filename past an upstream inspector to the backend. This vulnerability is fixed in 0.0.30."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Kludex","product":"python-multipart","versions":[{"version":"< 0.0.30","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:03:15.384645Z","id":"CVE-2026-53537","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-436"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fastapiexpert:python-multipart:*:*:*:*:*:python:*:*","versionEndExcluding":"0.0.30","matchCriteriaId":"381A8F1D-278D-409F-974A-898BE65DB20C"}]}]}],"references":[{"url":"https://github.com/Kludex/python-multipart/security/advisories/GHSA-vffw-93wf-4j4q","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53538","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:44.223","lastModified":"2026-06-26T19:52:35.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse (since the CVE-2021-23336 fix) treat only & as a separator. This creates a parser differential: the same bytes are tokenized into different fields than a WHATWG compliant intermediary would produce, allowing an attacker to smuggle extra form fields past an upstream body inspecting component. This vulnerability is fixed in 0.0.30."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Kludex","product":"python-multipart","versions":[{"version":"< 0.0.30","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:49:11.715345Z","id":"CVE-2026-53538","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-436"},{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fastapiexpert:python-multipart:*:*:*:*:*:python:*:*","versionEndExcluding":"0.0.30","matchCriteriaId":"381A8F1D-278D-409F-974A-898BE65DB20C"}]}]}],"references":[{"url":"https://github.com/Kludex/python-multipart/security/advisories/GHSA-6jv3-5f52-599m","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53539","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:44.360","lastModified":"2026-06-26T19:50:56.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead did it fall back to scanning for ;. For a body that uses ; as the separator and contains no &, every field iteration performed a full failed & scan over the entire remaining buffer before locating the nearby ;. With N semicolon separated fields in a chunk of size B, this yields O(B^2) byte comparisons per chunk. An attacker can submit a small crafted body of the form a;a;a;... and cause the parser to spend seconds of CPU per request. A handful of concurrent requests can exhaust worker processes. This vulnerability is fixed in 0.0.30."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Kludex","product":"python-multipart","versions":[{"version":"< 0.0.30","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:05:50.901666Z","id":"CVE-2026-53539","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fastapiexpert:python-multipart:*:*:*:*:*:python:*:*","versionEndExcluding":"0.0.30","matchCriteriaId":"381A8F1D-278D-409F-974A-898BE65DB20C"}]}]}],"references":[{"url":"https://github.com/Kludex/python-multipart/security/advisories/GHSA-5rvq-cxj2-64vf","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53540","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:44.497","lastModified":"2026-06-26T19:50:18.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. This vulnerability is fixed in 0.0.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Kludex","product":"python-multipart","versions":[{"version":"< 0.0.31","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:21:49.069742Z","id":"CVE-2026-53540","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fastapiexpert:python-multipart:*:*:*:*:*:python:*:*","versionEndExcluding":"0.0.31","matchCriteriaId":"B35A0C05-3D3C-4063-8A25-62EEE68E480B"}]}]}],"references":[{"url":"https://github.com/Kludex/python-multipart/security/advisories/GHSA-v9pg-7xvm-68hf","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53571","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:44.667","lastModified":"2026-06-24T20:44:24.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as .env, .env.*, and *.{crt,pem}. However, on Windows, the deny logic does not correctly normalize NTFS ADS path forms before access checks are applied. Because of this, requests such as /.env::$DATA?raw are treated as allowed paths, while Windows resolves them to the original file's default data stream. Similar to that, Windows allows accessing a file using a different name with the 8.3 short name compatibility feature. Vite did not reject accessing files via them. This vulnerability is fixed in 8.0.16, 7.3.5, and 6.4.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vitejs","product":"vite","versions":[{"version":">= 8.0.0, < 8.0.16","status":"affected"},{"version":">= 7.0.0, < 7.3.5","status":"affected"},{"version":"< 6.4.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:07:16.554503Z","id":"CVE-2026-53571","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.4.3","matchCriteriaId":"412254BC-A126-4192-9EFF-03D15A54CBDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.3.5","matchCriteriaId":"979AD4DD-490D-4EF9-ABF5-C96C8A66B69F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.16","matchCriteriaId":"14864657-A0D3-45B8-B171-38F868E084B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:voidzero:vite\\+:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.1.24","matchCriteriaId":"5EA4F51E-F04B-4C35-B272-1A0D9B6F9202"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://github.com/vitejs/vite/security/advisories/GHSA-fx2h-pf6j-xcff","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/vitejs/vite/security/advisories/GHSA-fx2h-pf6j-xcff","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53632","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:44.827","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result in credential compromise through offline hash cracking. This vulnerability is fixed in 2.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vitejs","product":"launch-editor","versions":[{"version":"< 2.14.1","status":"affected"}]},{"vendor":"vitejs","product":"vite","versions":[{"version":">= 8.0.0, < 8.0.16","status":"affected"},{"version":">= 7.0.0, < 7.3.5","status":"affected"},{"version":"< 6.4.3","status":"affected"}]},{"vendor":"vitejs","product":"vite-plus","versions":[{"version":"< 0.1.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:29:50.413110Z","id":"CVE-2026-53632","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/vitejs/launch-editor/security/advisories/GHSA-v6wh-96g9-6wx3","source":"security-advisories@github.com"},{"url":"https://github.com/vitejs/launch-editor/security/advisories/GHSA-v6wh-96g9-6wx3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54269","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:45.350","lastModified":"2026-06-24T20:40:20.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names such as $type when loaded through protobufjs JSON/reflection descriptors, and service methods whose generated helper name is rpcCall. When affected message or service types were used, protobufjs could read schema-controlled data where it expected an own-property helper, reflected type metadata, or the base RPC helper. This could cause deterministic exceptions or recursive calls in affected decode post-checks, verification, object conversion, reflected JSON serialization, or protobufjs RPC helper invocation. This vulnerability is fixed in 8.6.0 and 7.6.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"protobufjs","product":"protobuf.js","versions":[{"version":"< 7.6.3","status":"affected"},{"version":">= 8.0.0, < 8.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:07:04.844722Z","id":"CVE-2026-54269","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"},{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.6.3","matchCriteriaId":"63CB499F-BC12-4D70-BD4A-38BD2CE92D99"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.6.0","matchCriteriaId":"287A0FDC-7F44-4088-A0B2-51859135AB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"E1117BF5-FD6A-4DDC-A5A3-681CD7FA937D"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.5.1","matchCriteriaId":"77B18CCF-6A37-4D44-822B-B0102CE8F496"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-f38q-mgvj-vph7","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54270","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:45.480","lastModified":"2026-06-24T20:39:18.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown fields could therefore cause a decoded message to retain substantially more memory than the input size would suggest, even when unknown-field round-tripping is not needed. protobufjs 8.5.0 added the relevant decode-time options, allowing applications that decode untrusted protobuf data to disable unknown-field retention during decode. protobufjs 8.6.2 flips the default so unknown fields are discarded unless explicitly opted into."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"protobufjs","product":"protobuf.js","versions":[{"version":">=8.2.0, < 8.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:47:41.353008Z","id":"CVE-2026-54270","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.5.0","matchCriteriaId":"A722DAF4-51C8-4165-8DFB-72D52BC31853"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-94rc-8x27-4472","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54271","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:45.610","lastModified":"2026-06-24T20:38:37.047","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas from .proto files is not affected. This is a bypass of CVE-2026-44295. An attacker who can provide or influence pre-parsed JSON descriptors passed to pbjs static code generation may be able to cause generated JavaScript output to contain attacker-controlled code. The injected code may execute if the generated file is later executed or imported and an affected generated API path is invoked. This vulnerability is fixed in 1.3.2 and 2.5.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"protobufjs","product":"protobufjs-cli","versions":[{"version":"< 1.3.2","status":"affected"},{"version":">= 2.0.0, < 2.4.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:48:57.561501Z","id":"CVE-2026-54271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.3.2","matchCriteriaId":"7453A64C-E2A4-43AA-944C-9445D660FB19"},{"vulnerable":true,"criteria":"cpe:2.3:a:protobufjs_project:protobufjs-cli:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.5.0","matchCriteriaId":"789C6C99-BDE5-4FD9-A95D-4BE0EB3DF8C1"}]}]}],"references":[{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-pr59-h9ph-3fr8","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54273","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:45.743","lastModified":"2026-06-26T19:37:48.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This vulnerability is fixed in 3.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:37:59.063772Z","id":"CVE-2026-54273","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.1","matchCriteriaId":"620FC726-40A0-4025-A5C6-7B738EC5DE53"}]}]}],"references":[{"url":"https://github.com/aio-libs/aiohttp/commit/dfdfa9d5aad5d21f91c79fb2ceeba0f8046cb6cf","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-4fvr-rgm6-gqmc","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54274","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:45.877","lastModified":"2026-06-26T19:37:06.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:11:47.837374Z","id":"CVE-2026-54274","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.1","matchCriteriaId":"620FC726-40A0-4025-A5C6-7B738EC5DE53"}]}]}],"references":[{"url":"https://github.com/aio-libs/aiohttp/commit/14b6ee851fb16ec199acb950de0c82d476799e7d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xcgm-r5h9-7989","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54275","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:46.010","lastModified":"2026-06-26T19:36:20.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request server_hostname parameters, then the later calls may succeed by reusing the existing connection when they should have been rejected due to the TLS SNI check. This vulnerability is fixed in 3.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:27:21.140999Z","id":"CVE-2026-54275","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-297"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.1","matchCriteriaId":"620FC726-40A0-4025-A5C6-7B738EC5DE53"}]}]}],"references":[{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-4m7w-qmgq-4wj5","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54278","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:46.393","lastModified":"2026-06-26T19:27:51.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip bomb edge case). This vulnerability is fixed in 3.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:51:45.481256Z","id":"CVE-2026-54278","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.1","matchCriteriaId":"620FC726-40A0-4025-A5C6-7B738EC5DE53"}]}]}],"references":[{"url":"https://github.com/aio-libs/aiohttp/commit/4f7480e474cccc6a8cc2c92ad3f17a31dedf8232","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g3cq-j2xw-wf74","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54279","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:46.527","lastModified":"2026-06-26T19:36:03.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save() and then restored later with CookieJar.load() lose their host-only status. This vulnerability is fixed in 3.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:40:17.638561Z","id":"CVE-2026-54279","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-665"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.1","matchCriteriaId":"620FC726-40A0-4025-A5C6-7B738EC5DE53"}]}]}],"references":[{"url":"https://github.com/aio-libs/aiohttp/commit/a329a7aacad5284f087af36103aff778746da0f2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2fqr-mr3j-6wp8","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54280","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:46.670","lastModified":"2026-06-26T19:35:51.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection or similar closes the file. This vulnerability is fixed in 3.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aio-libs","product":"aiohttp","versions":[{"version":"< 3.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:15:32.209522Z","id":"CVE-2026-54280","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.1","matchCriteriaId":"620FC726-40A0-4025-A5C6-7B738EC5DE53"}]}]}],"references":[{"url":"https://github.com/aio-libs/aiohttp/commit/a762eda5242f6490d6ba667533193f8b473ad587","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9x8q-7h8h-wcw9","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54282","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:46.807","lastModified":"2026-06-26T19:18:47.063","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating {scheme}://{host}{path} and re-parsing the result, a path that does not begin with / (for example @google.com) moves the authority boundary during re-parsing, so request.url.hostname and request.url.netloc become attacker-controlled. Code that reads request.url.hostname (rather than the Host header or scope) can therefore be misled into trusting an attacker-supplied host. This vulnerability is fixed in 1.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Kludex","product":"starlette","versions":[{"version":"< 1.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:26:39.551031Z","id":"CVE-2026-54282","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-706"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*","versionEndExcluding":"1.3.0","matchCriteriaId":"8E74BF7B-56BA-47FC-9912-59DB97B61460"}]}]}],"references":[{"url":"https://github.com/Kludex/starlette/security/advisories/GHSA-jp82-jpqv-5vv3","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54283","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:46.943","lastModified":"2026-06-26T19:16:55.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an arbitrarily large number of fields or an arbitrarily large field, even when the application configured limits it believed would apply. This vulnerability is fixed in 1.3.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Kludex","product":"starlette","versions":[{"version":">= 0.4.1, < 1.3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:06:30.546768Z","id":"CVE-2026-54283","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:encode:starlette:*:*:*:*:*:python:*:*","versionStartIncluding":"0.4.1","versionEndExcluding":"1.3.1","matchCriteriaId":"2FDB02B2-DCF6-4F2C-B06B-78C015D16494"}]}]}],"references":[{"url":"https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54285","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:47.077","lastModified":"2026-06-23T16:17:01.470","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound (inject()) path, not on the inbound (extract()) path. Parsing oversized baggage causes memory allocation proportional to the header size without any cap. This vulnerability is fixed in 2.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-telemetry","product":"opentelemetry-js","versions":[{"version":"< 2.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:48:29.048253Z","id":"CVE-2026-54285","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-8988-4f7v-96qf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54286","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:47.213","lastModified":"2026-06-23T15:16:37.240","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash (%5C) in the request path decodes to \\, which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as admin\\secret.txt into a nested file under the root and serves it, letting an attacker read static files meant to be protected behind prefix-mounted middleware. This vulnerability is fixed in 4.12.25."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":"< 4.12.25","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:07:25.570505Z","id":"CVE-2026-54286","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/honojs/hono/security/advisories/GHSA-wwfh-h76j-fc44","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54287","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:47.350","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes (for example Expires dates), clients cannot split the value back into individual cookies and silently drop or misparse them. This vulnerability is fixed in 4.12.25."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":"< 4.12.25","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:36:53.535644Z","id":"CVE-2026-54287","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/honojs/hono/security/advisories/GHSA-j6c9-x7qj-28xf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54289","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:47.480","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated request headers such as X-Forwarded-For, Forwarded, and Via are silently truncated to a single value. Request middleware sees only the last value of a repeated header instead of the full chain. For applications that base access control on the X-Forwarded-For chain, this can weaken or alter that decision; for auditing, hop history is lost. This vulnerability is fixed in 4.12.25."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":"< 4.12.25","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:19:24.735156Z","id":"CVE-2026-54289","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-348"}]}],"references":[{"url":"https://github.com/honojs/hono/security/advisories/GHSA-wgpf-jwqj-8h8p","source":"security-advisories@github.com"},{"url":"https://github.com/honojs/hono/security/advisories/GHSA-wgpf-jwqj-8h8p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54290","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:47.620","lastModified":"2026-06-22T19:49:09.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit origin (the default wildcard), the CORS Middleware reflects the request's Origin and sends Access-Control-Allow-Credentials: true. Any site can then make credentialed cross-origin requests and read the responses, exposing cookie-authenticated endpoints to arbitrary origins. This vulnerability is fixed in 4.12.25."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":"< 4.12.25","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:26:00.514535Z","id":"CVE-2026-54290","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://github.com/honojs/hono/security/advisories/GHSA-88fw-hqm2-52qc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55388","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:47.930","lastModified":"2026-06-23T17:17:08.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When Object.prototype.filename is polluted upstream the inherited value flows to worker_threads.Worker import and the attacker's .mjs runs in the worker. This vulnerability is fixed in 6.0.0-rc.2, 5.2.0, and 4.9.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"piscinajs","product":"piscina","versions":[{"version":"< 4.9.3","status":"affected"},{"version":">= 5.0.0-alpha.0, < 5.2.0","status":"affected"},{"version":">= 6.0.0-rc.1, < 6.0.0-rc.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:50:15.219533Z","id":"CVE-2026-55388","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/piscinajs/piscina/security/advisories/GHSA-x9g3-xrwr-cwfg","source":"security-advisories@github.com"},{"url":"https://github.com/piscinajs/piscina/security/advisories/GHSA-x9g3-xrwr-cwfg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55602","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T18:16:48.073","lastModified":"2026-06-26T20:06:26.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configured host+path key can still route a request to an unintended backend. This vulnerability is fixed in 2.0.10, 3.0.6, and 4.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"chimurai","product":"http-proxy-middleware","versions":[{"version":">= 4.0.0, < 4.1.0","status":"affected"},{"version":">= 3.0.0, < 3.0.6","status":"affected"},{"version":">= 0.16.0, < 2.0.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:17:17.328115Z","id":"CVE-2026-55602","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-187"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*","versionStartIncluding":"0.16.0","versionEndExcluding":"2.0.10","matchCriteriaId":"D3DAE327-1562-441D-B830-469D446A94D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.6","matchCriteriaId":"14022245-63AB-44F8-89C2-06AC2432A8A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.1.0","matchCriteriaId":"474C2CF5-4DCF-455B-A550-EEFDDB585FD4"}]}]}],"references":[{"url":"https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-64mm-vxmg-q3vj","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-64mm-vxmg-q3vj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56109","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T18:16:48.557","lastModified":"2026-06-23T15:42:44.400","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parse_def() fails to check return values before continuing, causing snd_config_delete() to be called twice on the same already-freed node, resulting in a NULL-pointer write or invalid memory read."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"alsa-project","product":"alsa-lib","defaultStatus":"affected","repo":"https://github.com/alsa-project/alsa-lib","versions":[{"version":"0","lessThan":"1.2.16.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T17:29:11.617397Z","id":"CVE-2026-56109","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"references":[{"url":"https://github.com/alsa-project/alsa-lib/commit/536dd6f8affdf5197c12a63a71c92a70b2833cc0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/alsa-project/alsa-lib/releases/tag/v1.2.16.1","source":"disclosure@vulncheck.com"},{"url":"https://lore.kernel.org/alsa-devel/CAGt8pqBU0p2voB+qHxWGcNJrKHAcBhAyHUUBPLBN-Yj_SiV6MQ@mail.gmail.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/alsa-library-double-free-via-parse-def-in-conf-c","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-11834","sourceIdentifier":"f23511db-6c3e-4e32-a477-6aa17d310630","published":"2026-06-22T19:16:38.963","lastModified":"2026-06-26T22:16:30.897","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A command\ninjection vulnerability has been identified in the DHCP option processing logic\nin multiple TP-Link router models, due to insufficient validation of externally\nsupplied DHCP option data. An adjacent attacker may exploit this\nvulnerability by supplying crafted DHCP responses, potentially resulting in unauthorized\ncommand execution during device initialization or provisioning workflows. This\ntypically occurs when the device is in a factory-default or unconfigured state.\n\n\n\n\n\nSuccessful\nexploitation may allow an adjacent, unauthenticated attacker to execute\narbitrary commands with elevated privileges, potentially leading to full\ncompromise of the affected device and unauthorized administrative control."}],"affected":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","affectedData":[{"vendor":"TP-Link Systems Inc.","product":"Archer MR200 v07","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.3.0 Build 250605","versionType":"custom","status":"affected"}]},{"vendor":"TP-Link Systems Inc.","product":"Archer MR200 v8","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.0 Build 260605","versionType":"custom","status":"affected"}]},{"vendor":"TP Link Systems Inc.","product":"Archer MR402 v1","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.5.0 Build 260605","versionType":"custom","status":"affected"}]},{"vendor":"TP-Link Systems Inc.","product":"Archer VR2100 v1","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"EU_V1_260330","versionType":"custom","status":"affected"}]},{"vendor":"TP-Link Systems Inc.","product":"Archer C20 v5","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"EU_V5_260317","versionType":"custom","status":"affected"},{"version":"0","lessThan":"US_V5_260419","versionType":"custom","status":"affected"}]},{"vendor":"TP-Link Systems Inc.","product":"Archer C20 v6","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"V6_260608","versionType":"custom","status":"affected"}]},{"vendor":"TP-Link Systems Inc.","product":"TL-MR6400 v7","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.7.0 Build 260413","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-11834","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://mattg.systems/posts/cve-2026-11834/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/en/support/download/archer-c20/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/en/support/download/archer-mr200/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/en/support/download/archer-mr402/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/en/support/download/archer-vr2100/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/en/support/download/tl-mr6400/v7/#Firmware","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/download/archer-c20/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"},{"url":"https://www.tp-link.com/us/support/faq/5141/","source":"f23511db-6c3e-4e32-a477-6aa17d310630"}]}},{"cve":{"id":"CVE-2026-50146","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T19:17:04.610","lastModified":"2026-06-23T15:16:35.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This vulnerability is fixed in 6.3.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"withastro","product":"astro","versions":[{"version":"< 6.3.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:10:27.383142Z","id":"CVE-2026-50146","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.3.3","matchCriteriaId":"B0FB17C0-D120-457E-B553-4BA1F86D731D"}]}]}],"references":[{"url":"https://github.com/withastro/astro/security/advisories/GHSA-8hv8-536x-4wqp","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/withastro/astro/security/advisories/GHSA-8hv8-536x-4wqp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53663","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T19:17:13.167","lastModified":"2026-06-23T16:04:55.583","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections (CORS preflight, SameSite cookies) already block the cross-origin attack vectors that this missing CSRF check would otherwise gate. This vulnerability is fixed in 7.15.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"remix-run","product":"react-router","versions":[{"version":">= 7.12.0, < 7.15.1","status":"affected"}]},{"vendor":"@remix-run","product":"server-runtime","versions":[{"version":">= 2.17.3, < 2.17.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:52:41.379004Z","id":"CVE-2026-53663","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/remix-run/react-router/security/advisories/GHSA-84g9-w2xq-vcv6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53778","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T19:17:13.453","lastModified":"2026-06-22T19:17:13.453","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-53779","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T19:17:13.513","lastModified":"2026-06-23T15:42:30.483","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in handler/router.go. Attackers can exploit the discrepancy between Go's forward-slash-only path normalization and Windows file system APIs that treat backslashes and forward slashes as equivalent to access arbitrary files on the host filesystem accessible to the server process."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"webp-sh","product":"webp_server_go","defaultStatus":"affected","repo":"https://github.com/webp-sh/webp_server_go","versions":[{"version":"0","lessThan":"0.15.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:12:03.904360Z","id":"CVE-2026-53779","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/webp-sh/webp_server_go/commit/eb3b5f9289b331cb639cd610b0d1c532d2cc24e0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/webp-sh/webp_server_go/pull/451","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/webp-server-go-path-traversal-via-backslash-encoding-on-windows","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-54288","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T19:17:19.553","lastModified":"2026-06-23T15:16:37.337","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda (API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge) the body is delivered fully buffered and the adapter builds the request with the client-declared Content-Length, which need not match the actual payload. A client can declare a tiny Content-Length while sending a much larger body, slipping past the limit. This vulnerability is fixed in 4.12.25."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"honojs","product":"hono","versions":[{"version":"< 4.12.25","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:16:43.807363Z","id":"CVE-2026-54288","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/honojs/hono/security/advisories/GHSA-rv63-4mwf-qqc2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54298","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T19:17:21.120","lastModified":"2026-06-23T17:17:05.940","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax {...props} on an HTML element and the object keys come from an untrusted source (API, CMS, URL parameters), an attacker can inject arbitrary HTML attributes including event handlers like onmousemove, onclick, or break out of the attribute context entirely to inject new elements. This vulnerability is fixed in 6.4.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"withastro","product":"astro","versions":[{"version":"< 6.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:10:36.215521Z","id":"CVE-2026-54298","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.4.6","matchCriteriaId":"26967691-D061-4128-B17E-09F6E00CB91B"}]}]}],"references":[{"url":"https://github.com/withastro/astro/security/advisories/GHSA-jrpj-wcv7-9fh9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/withastro/astro/security/advisories/GHSA-jrpj-wcv7-9fh9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54299","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T19:17:21.260","lastModified":"2026-06-23T16:17:01.563","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming Host header. When the Host header is not validated against allowedDomains, an attacker can point the fetch at an arbitrary host and read the response. This vulnerability is fixed in 6.4.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"withastro","product":"astro","versions":[{"version":"< 6.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:50:10.334083Z","id":"CVE-2026-54299","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.4.6","matchCriteriaId":"26967691-D061-4128-B17E-09F6E00CB91B"}]}]}],"references":[{"url":"https://github.com/withastro/astro/security/advisories/GHSA-2pvr-wf23-7pc7","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54300","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T19:17:21.400","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix. This vulnerability is fixed in 7.0.13."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"withastro","product":"astro","versions":[{"version":"< 7.0.13","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:08:19.830018Z","id":"CVE-2026-54300","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38","source":"security-advisories@github.com"},{"url":"https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55443","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T19:17:21.537","lastModified":"2026-06-26T20:05:46.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or the resolved target of matched files, so glob patterns and symlinks can reach files outside the configured root; prompt- and chain/agent-configuration loaders that accept path fields and resolve them without confining the result to a trusted base or rejecting symlink targets; and path-prefix authorization checks that compare by string prefix without a path-segment boundary, so a sibling path sharing the prefix is accepted. When these components receive path values, search patterns, or workspace contents influenced by an untrusted source — including an LLM acting on untrusted input — the result can be disclosure of files outside the intended boundary. This vulnerability is fixed in 1.3.9."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langchain-ai","product":"langchain","versions":[{"version":"< 1.3.9","status":"affected"}]},{"vendor":"langchain-ai","product":"langchain-anthropic","versions":[{"version":"< 1.4.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T19:51:55.399642Z","id":"CVE-2026-55443","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.9","matchCriteriaId":"3E4927DE-8BE0-4B72-A61C-73CB128B6029"}]}]}],"references":[{"url":"https://github.com/langchain-ai/langchain/commit/dcaf7795a3e6590af55c3ff7bda6add6355e9ea6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/langchain-ai/langchain/security/advisories/GHSA-gr75-jv2w-4656","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44271","sourceIdentifier":"security_alert@emc.com","published":"2026-06-22T20:16:29.090","lastModified":"2026-06-26T19:14:35.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Wyse Management Suite (WMS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2605","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:13:32.446587Z","id":"CVE-2026-44271","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"2605","matchCriteriaId":"E24E4F59-E42D-40A3-9451-3662C7B11EA3"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44272","sourceIdentifier":"security_alert@emc.com","published":"2026-06-22T20:16:29.227","lastModified":"2026-06-26T19:13:45.337","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Wyse Management Suite (WMS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2605","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T03:56:08.817867Z","id":"CVE-2026-44272","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"2605","matchCriteriaId":"E24E4F59-E42D-40A3-9451-3662C7B11EA3"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44273","sourceIdentifier":"security_alert@emc.com","published":"2026-06-22T20:16:29.350","lastModified":"2026-06-26T19:13:21.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Wyse Management Suite (WMS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2605","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-44273","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1392"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"2605","matchCriteriaId":"E24E4F59-E42D-40A3-9451-3662C7B11EA3"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44274","sourceIdentifier":"security_alert@emc.com","published":"2026-06-22T20:16:29.467","lastModified":"2026-06-26T19:15:05.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Wyse Management Suite (WMS)","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2605","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T03:56:07.740762Z","id":"CVE-2026-44274","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"2605","matchCriteriaId":"E24E4F59-E42D-40A3-9451-3662C7B11EA3"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39904","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T21:16:23.873","lastModified":"2026-06-23T15:17:32.887","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function in models/attachment.go processes Office documents as ZIP archives and calls ioutil.ReadAll() on each contained file entry without enforcing size restrictions on uncompressed content, allowing a zip bomb payload to expand to several gigabytes in memory and cause the process to be terminated by the operating system."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"gophish","product":"gophish","defaultStatus":"affected","repo":"https://github.com/gophish/gophish","versions":[{"version":"0","lessThanOrEqual":"0.12.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:09:33.438481Z","id":"CVE-2026-39904","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/ashikmd7/GoPhish-0.12.1/blob/main/Unbounded%20Memory%20Allocation%20in%20Office%20Attachment%20Processing%20Leads%20to%20Server%20DoS/README.md","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gophish-denial-of-service-via-office-document-upload","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-41479","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:24.017","lastModified":"2026-06-26T20:10:38.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a result, an attacker does not need a valid client registration, an authenticated user, or any prior state. A single request to the authorization endpoint is enough to obtain a 302 Location response to an arbitrary attacker-controlled URL. This vulnerability is fixed in 1.6.10 and 1.7.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"authlib","product":"authlib","versions":[{"version":"< 1.6.10","status":"affected"},{"version":"= 1.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:01:50.345168Z","id":"CVE-2026-41479","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.10","matchCriteriaId":"AD545CB1-0B23-4525-9346-4CCCD801CDE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:authlib:authlib:1.7.0:*:*:*:*:*:*:*","matchCriteriaId":"23EF713E-4717-41F6-A5C2-26365D1A763A"}]}]}],"references":[{"url":"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/authlib/authlib/security/advisories/GHSA-w8p2-r796-3vmq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45034","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:24.403","lastModified":"2026-06-23T16:16:59.677","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parse_url($filename, PHP_URL_SCHEME) and then checks is_string($scheme) && strlen($scheme) > 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to \"does the path contain a wrapper\". When the input has the form phar:///path/file.phar/inner with three or more slashes after the scheme, parse_url returns boolean false instead of returning the scheme string. The is_string($scheme) branch is therefore skipped, the helper returns without throwing, and the caller proceeds. PHP's stream layer, however, still treats phar:///... as a valid phar wrapper and opens the underlying phar file. The result is that IOFactory::load($attackerPath) walks past the patch and still touches the phar wrapper. On PHP 7.x, simply reaching the phar wrapper via is_file is enough for PHP to automatically deserialize the phar metadata, which in turn invokes the magic methods __wakeup and __destruct of an attacker controlled object and gives full RCE. On PHP 8.x, automatic metadata deserialization for plain file ops was removed, so the chain at the PhpSpreadsheet layer reduces to a phar wrapper file read primitive, and RCE only resurfaces if the downstream consumer ever calls Phar::getMetadata. This vulnerability is fixed in 1.30.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"PHPOffice","product":"PhpSpreadsheet","versions":[{"version":"< 1.30.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:02:17.578308Z","id":"CVE-2026-45034","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-87m4-826x-3crx","source":"security-advisories@github.com"},{"url":"https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-87m4-826x-3crx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47240","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:24.543","lastModified":"2026-06-23T16:16:59.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \"raw data\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals.  A server without support for non-synchronizing literals may interpret the \"+}\\r\\n\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruby","product":"net-imap","versions":[{"version":">= 0.6.0, < 0.6.4.1","status":"affected"},{"version":"< 0.5.15","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:52:09.927243Z","id":"CVE-2026-47240","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47241","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:24.677","lastModified":"2026-06-23T15:16:34.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will cause the first command to eventually fail, but also prevents it from returning until another command is sent (from another thread). That other command will not return until the connection is closed. This vulnerability is fixed in 0.6.5 and 0.5.15."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruby","product":"net-imap","versions":[{"version":">= 0.6.0, < 0.6.4.1","status":"affected"},{"version":"< 0.5.15","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:16:22.874467Z","id":"CVE-2026-47241","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-162"},{"lang":"en","value":"CWE-182"},{"lang":"en","value":"CWE-186"}]}],"references":[{"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47242","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:24.807","lastModified":"2026-06-23T15:03:56.637","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequences. While Net::IMAP#enable does process its arguments for aliases, it does not validate them as valid atoms (or as a list of valid atoms). The #to_s value is sent verbatim. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. This vulnerability is fixed in 0.6.5 and 0.5.15."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruby","product":"net-imap","versions":[{"version":">= 0.6.0, < 0.6.4.1","status":"affected"},{"version":"< 0.5.15","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:06:42.230852Z","id":"CVE-2026-47242","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-46q3-7gv7-qmgg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49460","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:24.940","lastModified":"2026-06-25T16:51:17.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"py-pdf","product":"pypdf","versions":[{"version":"< 6.12.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:04:25.948226Z","id":"CVE-2026-49460","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.2","matchCriteriaId":"5C2CE0B8-58A8-4DC3-B3FD-49D37AF004E0"}]}]}],"references":[{"url":"https://github.com/py-pdf/pypdf/pull/3806","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.12.2","source":"security-advisories@github.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-5hgr-hg42-57jg","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49461","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:25.070","lastModified":"2026-06-25T16:48:15.403","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"py-pdf","product":"pypdf","versions":[{"version":"< 6.12.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:23:13.224222Z","id":"CVE-2026-49461","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.2","matchCriteriaId":"5C2CE0B8-58A8-4DC3-B3FD-49D37AF004E0"}]}]}],"references":[{"url":"https://github.com/py-pdf/pypdf/pull/3805","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.12.2","source":"security-advisories@github.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-j543-4vmf-qm7v","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54530","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:25.420","lastModified":"2026-06-25T16:47:28.623","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"py-pdf","product":"pypdf","versions":[{"version":"< 6.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:52:35.536228Z","id":"CVE-2026-54530","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.0","matchCriteriaId":"EF88E07B-1F21-46B2-87E1-8F7926520048"}]}]}],"references":[{"url":"https://github.com/py-pdf/pypdf/pull/3830","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.13.0","source":"security-advisories@github.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54531","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:25.550","lastModified":"2026-06-25T16:46:14.707","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"py-pdf","product":"pypdf","versions":[{"version":"< 6.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:17:27.850481Z","id":"CVE-2026-54531","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.0","matchCriteriaId":"EF88E07B-1F21-46B2-87E1-8F7926520048"}]}]}],"references":[{"url":"https://github.com/py-pdf/pypdf/pull/3830","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.13.0","source":"security-advisories@github.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-m2v9-299j-rv96","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54651","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:25.680","lastModified":"2026-06-24T16:41:34.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"py-pdf","product":"pypdf","versions":[{"version":"< 6.13.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:09:57.316922Z","id":"CVE-2026-54651","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.1","matchCriteriaId":"0A87384C-1CD8-4894-BD43-AC5FBD18F459"}]}]}],"references":[{"url":"https://github.com/py-pdf/pypdf/pull/3839","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.13.1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-g9xf-7f8q-9mcj","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55599","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:25.903","lastModified":"2026-06-26T20:10:05.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature() reads a URL out of that certificate's Authority Information Access (AIA) extension and connects to it. Attacker who supplies certificate fully controls host, port, and path of that connection. URL fetching is enabled by default, and no destination is blocked. An unauthenticated attacker can therefore make a validating server open connections to internal hosts and ports it should never reach, for example loopback 127.0.0.1, cloud metadata address 169.254.169.254, and internal-only services. This is a server-side request forgery (SSRF) caused by an insecure default. This vulnerability is fixed in 1.0.30, 2.0.55, and 3.0.54."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"phpseclib","product":"phpseclib","versions":[{"version":">= 0.1.1, < 1.0.30","status":"affected"},{"version":">= 2.0.0, < 2.0.55","status":"affected"},{"version":">= 3.0.0, < 3.0.54","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:12:41.401298Z","id":"CVE-2026-55599","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*","versionStartIncluding":"0.1.1","versionEndExcluding":"1.0.30","matchCriteriaId":"904AD9BC-EED0-43F3-80F9-C4617CA0D15F"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.55","matchCriteriaId":"5BEE9570-5BD0-4C69-B435-B8CB4EFFB05A"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpseclib:phpseclib:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.54","matchCriteriaId":"97CEDD42-244C-42D8-8BCC-AB611550E504"}]}]}],"references":[{"url":"https://github.com/phpseclib/phpseclib/security/advisories/GHSA-m557-wrgg-6rp4","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/phpseclib/phpseclib/security/advisories/GHSA-m557-wrgg-6rp4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55603","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:26.033","lastModified":"2026-06-24T16:44:28.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with handlerFormDataBodyData(), which interpolates each req.body key and value directly into the multipart wire format without neutralizing CR/LF. A \\r\\n inside a value (or key) lets an attacker close the current part and inject an entirely new form part. Because the proxy's own body parser saw a single opaque value, any gateway-side policy or validation performed on req.body is evaluated against a different set of fields than the upstream backend ultimately parses a request/parameter desynchronization across the trust boundary. This vulnerability is fixed in 3.0.7 and 4.1.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"chimurai","product":"http-proxy-middleware","versions":[{"version":">= 3.0.4, < 3.0.7","status":"affected"},{"version":">= 4.0.0, < 4.1.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:20:45.426994Z","id":"CVE-2026-55603","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.4","versionEndExcluding":"3.0.7","matchCriteriaId":"8281B19B-A543-4996-B6E0-3A43AD44585B"},{"vulnerable":true,"criteria":"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.1.1","matchCriteriaId":"D9D194C5-E95E-410C-BFB4-A36DCC12F656"}]}]}],"references":[{"url":"https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-gcq2-9pq2-cxqm","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-gcq2-9pq2-cxqm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71339","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:45.053","lastModified":"2026-06-23T16:16:58.803","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Picklescan","product":"Picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.33","versionType":"semver","status":"affected"},{"version":"0.0.33","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:54:23.953576Z","id":"CVE-2025-71339","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-6556-fwc2-fg2p","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-numpy-f2py-crackfortran-eval-length-gadget","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-6556-fwc2-fg2p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71344","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:45.220","lastModified":"2026-06-23T19:17:06.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip._run_pip calls in __reduce__ methods bypass picklescan detection and achieve remote code execution upon pickle.load() invocation."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.30","versionType":"semver","status":"affected"},{"version":"0.0.30","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:22:22.820226Z","id":"CVE-2025-71344","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-xp4f-hrf8-rxw7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-ensurepip-run-pip-function","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-xp4f-hrf8-rxw7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71358","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:45.360","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load()."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.29","versionType":"semver","status":"affected"},{"version":"0.0.29","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:10:42.513204Z","id":"CVE-2025-71358","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-6w4w-5w54-rjvr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-idlelib-autocomplete-autocomplete-get-entity","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-6w4w-5w54-rjvr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44311","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:46.200","lastModified":"2026-06-26T20:09:01.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG() method. Specifically, the color field within the colorStops array of a fabric.Gradient object is not properly escaped when converted into SVG <stop> elements. If an application renders the generated SVG string into the DOM, this may allow an attacker to inject arbitrary HTML/SVG and execute JavaScript in the victim's browser. This vulnerability is fixed in 7.4.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"fabricjs","product":"fabric.js","versions":[{"version":"< 7.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:13:31.986414Z","id":"CVE-2026-44311","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fabricjs:fabric.js:*:*:*:*:*:node.js:*:*","versionEndExcluding":"7.4.0","matchCriteriaId":"2CECE580-6FAD-4A26-9163-2CED7A5EEAFF"}]}]}],"references":[{"url":"https://github.com/fabricjs/fabric.js/releases/tag/v740","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/fabricjs/fabric.js/security/advisories/GHSA-w22m-hvvm-xmwx","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/fabricjs/fabric.js/security/advisories/GHSA-w22m-hvvm-xmwx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44889","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:46.350","lastModified":"2026-06-26T20:08:22.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit strips ASCII tab, carriage return, and newline characters before parsing, so a redirect target containing such characters can be reinterpreted as a protocol-relative URL whose authority is an attacker-controlled host. This bypasses the CVE-2024-42353 fix that escaped a leading double slash, allowing an attacker who influences the redirect location to send users to an arbitrary external site instead of the intended one. This vulnerability is fixed in 1.8.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Pylons","product":"webob","versions":[{"version":"< 1.8.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:58:48.576241Z","id":"CVE-2026-44889","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pylonsproject:webob:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.10","matchCriteriaId":"651738A5-12CA-4A99-A8D4-91AFDA2EE7E3"}]}]}],"references":[{"url":"https://github.com/Pylons/webob/security/advisories/GHSA-fh3h-vg37-cc95","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48067","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:46.480","lastModified":"2026-06-23T15:16:34.857","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery() method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the Livewire component's state and submit an out-of-scope value. This vulnerability is fixed in filament/actions  4.11.4 and 5.6.4 and filament/tables 3.3.51."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filamentphp","product":"filament","versions":[{"version":">= 4.0.0, < 4.11.4","status":"affected"},{"version":">= 5.0.0, < 5.6.4","status":"affected"},{"version":">= 3.0.0, < 3.3.51","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:29:10.944113Z","id":"CVE-2026-48067","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/filamentphp/filament/security/advisories/GHSA-7q3w-xqjw-g3cr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48109","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:46.617","lastModified":"2026-06-23T17:25:43.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that does not take a source-length bound. A remote attacker can send a crafted MessagePack payload with manipulated LZ4 token/length fields to force out-of-bounds reads from the compressed input buffer. In affected environments, this can trigger an AccessViolationException during decompression, causing process termination (denial of service). Under some conditions, limited unintended memory disclosure from over-read data may also be possible before failure. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.1.7, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:14:22.316983Z","id":"CVE-2026-48109","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-hv8m-jj95-wg3x","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48166","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:46.750","lastModified":"2026-06-23T15:03:56.637","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether an account exists for a given email. This vulnerability is fixed in 4.11.5 and 5.6.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filamentphp","product":"filament","versions":[{"version":">= 4.0.0, < 4.11.5","status":"affected"},{"version":">= 5.0.0, < 5.6.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:28:19.870932Z","id":"CVE-2026-48166","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"references":[{"url":"https://github.com/filamentphp/filament/security/advisories/GHSA-5w46-g9pq-wh6f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48167","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:46.890","lastModified":"2026-06-23T15:03:56.637","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant malicious HTML or JavaScript and achieve stored XSS that executes for users who view the table or schema. This vulnerability is fixed in 4.11.5 and 5.6.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filamentphp","product":"filament","versions":[{"version":">= 4.0.0, < 4.11.5","status":"affected"},{"version":">= 5.0.0, < 5.6.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:31:17.201932Z","id":"CVE-2026-48167","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/filamentphp/filament/security/advisories/GHSA-3fc8-8hp6-6jr4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48500","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.013","lastModified":"2026-06-23T15:16:34.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, some schemas, such as the panel login form, do not require file uploads, and exposing unauthenticated temporary file uploads on these components is not an acceptable risk. On these components, an unauthenticated attacker could upload arbitrary files to the application's temporary storage, which could be abused to exhaust disk space or inflate storage costs. This vulnerability is fixed in 3.3.52, 4.11.5, and 5.6.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filamentphp","product":"filament","versions":[{"version":">= 3.0.0, < 3.3.52","status":"affected"},{"version":">= 5.0.0, < 5.6.5","status":"affected"},{"version":">= 4.0.0, < 4.11.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:51:46.634712Z","id":"CVE-2026-48500","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/filamentphp/filament/security/advisories/GHSA-44wp-g8f4-f4v5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48502","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.147","lastModified":"2026-06-23T17:25:05.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension length. In the slow path for timestamp extension parsing, the computed tokenSize includes the extension body length from the wire and is used in a stackalloc operation before the extension length is validated as one of the valid timestamp sizes. A very small payload can claim a large timestamp extension body and cause a stack allocation large enough to trigger an uncatchable StackOverflowException, terminating the host process. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.1.7, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:58:22.893152Z","id":"CVE-2026-48502","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-407"},{"lang":"en","value":"CWE-409"},{"lang":"en","value":"CWE-470"},{"lang":"en","value":"CWE-502"},{"lang":"en","value":"CWE-674"},{"lang":"en","value":"CWE-789"},{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-382j-8mxh-c7x2","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48505","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.303","lastModified":"2026-06-23T15:16:35.047","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user's password and their recovery codes, they get two authenticated sessions per recovery code burned instead of one, or more if they batch the parallel submissions wider, materially extending the attacker's window of access compared to what the single-use guarantee implies. This vulnerability is fixed in 4.11.5 and 5.6.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filamentphp","product":"filament","versions":[{"version":">= 4.0.0, < 4.11.5","status":"affected"},{"version":">= 5.0.0, < 5.6.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:28:27.382918Z","id":"CVE-2026-48505","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-841"}]}],"references":[{"url":"https://github.com/filamentphp/filament/security/advisories/GHSA-mc5j-f6wx-h9qh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48506","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.437","lastModified":"2026-06-23T17:24:50.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the library's documented protection against deeply nested object graphs. Many generated and dynamic formatters call reader.Skip() when they encounter unknown map keys, unknown array members, ignored fields, or data that should be skipped for forward compatibility. A deeply nested value in one of these skipped positions can therefore cause unbounded recursion and an uncatchable StackOverflowException. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.1.7, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:13:49.801472Z","id":"CVE-2026-48506","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-vh6j-jc39-fggf","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48509","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.573","lastModified":"2026-06-25T16:16:35.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary. This insecure default can expose applications to denial-of-service attacks that MessagePackSecurity.UntrustedData is intended to mitigate, such as hash-collision attacks against dictionary-like model properties. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:36:18.860613Z","id":"CVE-2026-48509","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-2f33-pr97-265q","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48510","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.713","lastModified":"2026-06-25T16:16:35.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed data is valid or that the declared expansion is reasonable. A small payload can claim a very large uncompressed length and force a large allocation before LZ4 decoding begins. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:29:42.448452Z","id":"CVE-2026-48510","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-v72x-2h86-7f8m","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48511","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.840","lastModified":"2026-06-25T16:16:35.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary<string, object>.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many distinct keys can require repeated linear scans and array copies. For large attacker-controlled maps, this produces quadratic CPU and allocation behavior. The issue is especially surprising because ExpandoObjectResolver.Options is configured with MessagePackSecurity.UntrustedData, but collision-resistant dictionary comparers cannot protect ExpandoObject insertion internals. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:59:06.453673Z","id":"CVE-2026-48511","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-2x83-8g95-xh59","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48512","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:47.970","lastModified":"2026-06-25T16:16:36.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack deserialization. MessagePackSerializer.ConvertFromJson recursively processes nested JSON arrays and objects in FromJsonCore() without consulting MessagePackSecurity.MaximumObjectGraphDepth. TinyJsonReader.ReadNextToken() recursively consumes comma and colon separator characters, allowing even malformed JSON with long separator runs to consume one stack frame per character. MessagePackSerializer.ConvertToJson applies depth checks to arrays and maps, but the typeless extension branch for ext-100 recursively calls ToJsonCore() without applying MessagePackSecurity.DepthStep(ref reader). Each path can allow attacker-controlled input to exhaust the process stack and trigger an uncatchable StackOverflowException instead of failing with a catchable parse or serialization exception.  This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:56:50.903334Z","id":"CVE-2026-48512","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-cj9g-3mj2-g8vv","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48513","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:48.100","lastModified":"2026-06-25T16:16:36.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref reader) and do not decrement reader.Depth around recursive deserialization and skip paths. This means union deserialization does not consistently participate in the maximum object graph depth enforcement that protects other recursive formatter paths. For unknown union keys, the emitted deserializer calls reader.Skip() on attacker-controlled data without an enclosing depth step. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:25:43.764541Z","id":"CVE-2026-48513","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-wfr3-xj75-pfwh","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48514","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:48.230","lastModified":"2026-06-25T16:16:36.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase<T>.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining payload bytes. The outer extension header is bounded by available input, but that bound is not used to constrain the inner byteLength before allocation. A very small payload can therefore request a very large T[] allocation. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:13:14.178897Z","id":"CVE-2026-48514","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-w567-gjr2-hm5j","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48515","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:48.360","lastModified":"2026-06-25T17:16:39.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T[,], T[,,], or T[,,,] before validating that the dimension product matches the encoded element count. The formatter reads a guarded element array header, but allocation of the target multi-dimensional array happens before the dimensions are checked against that element count. A small payload can therefore declare large dimensions, provide an empty or tiny inner array, and cause a large heap allocation before element data is validated. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:52:33.325154Z","id":"CVE-2026-48515","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-cxmj-83gh-fp49","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48516","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:48.490","lastModified":"2026-06-25T17:16:39.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter<TKey,TElement> constructs an internal Dictionary<TKey, IGrouping<TKey,TElement>> with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer<TKey>(). This formatter omission allows hash-collision CPU denial of service against ILookup<TKey,TElement> even when the application has opted into the untrusted-data security posture This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:28:14.996422Z","id":"CVE-2026-48516","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-q2h6-ghwm-5qm8","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48517","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:48.623","lastModified":"2026-06-25T17:16:39.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type) as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic type arguments. As a result, a type that would be blocked directly can be wrapped inside an array or constructed generic type and pass the outer type check. The formatter machinery can then materialize formatters for the inner blocked type. This vulnerability is fixed in 2.5.301 and 3.1.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MessagePack-CSharp","product":"MessagePack-CSharp","versions":[{"version":">= 3.0, < 3.1.7","status":"affected"},{"version":"< 2.5.301","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:05:47.783171Z","id":"CVE-2026-48517","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-470"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionEndExcluding":"2.5.301","matchCriteriaId":"1B965ABC-EE02-45D7-895A-E05EE88CF67B"},{"vulnerable":true,"criteria":"cpe:2.3:a:messagepack:messagepack:*:*:*:*:*:c\\#:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"3.1.7","matchCriteriaId":"FD170D86-D657-4F8D-99BF-9624CDC0287A"}]}]}],"references":[{"url":"https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-qhmf-xw27-6rqr","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54281","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:49.433","lastModified":"2026-06-24T05:17:29.983","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nestjs/platform-fastify. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes() API on the Fastify adapter, an unauthenticated client can bypass the Nest middleware registered for that route by simply appending a trailing slash (/) to the request URL. This bypass works on the default Fastify adapter configuration. This vulnerability is fixed in 11.1.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nestjs","product":"nest","versions":[{"version":"< 11.1.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-54281","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/nestjs/nest/security/advisories/GHSA-6v32-fjc9-9qf6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54911","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:50.397","lastModified":"2026-06-26T20:10:54.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity issues. This vulnerability is fixed in 5.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ultrajson","product":"ultrajson","versions":[{"version":"< 5.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:19:57.855154Z","id":"CVE-2026-54911","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ultrajson_project:ultrajson:*:*:*:*:*:python:*:*","versionEndExcluding":"5.13.0","matchCriteriaId":"A5802005-78C3-4A11-B9DE-1CCD143A155B"}]}]}],"references":[{"url":"https://github.com/ultrajson/ultrajson/commit/169eaf36b1116fece5034ee79a7a0ef3f6deedcf","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/ultrajson/ultrajson/releases/tag/5.13.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/ultrajson/ultrajson/security/advisories/GHSA-3j69-69wj-xqx2","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55409","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T22:16:50.533","lastModified":"2026-06-23T15:03:56.637","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the form. This vulnerability is fixed in 3.3.53."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filamentphp","product":"filament","versions":[{"version":">= 3.0.0, < 3.3.53","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:14:53.175913Z","id":"CVE-2026-55409","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/filamentphp/filament/security/advisories/GHSA-m9cv-24rx-8mv7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56221","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:50.670","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can inject arbitrary SQL through deviceIds, search, version_name, cursor, and actions parameters to access analytics data belonging to other users or applications."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:24:14.247287Z","id":"CVE-2026-56221","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-f83x-p28r-pf74","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-sql-injection-in-cloudflare-analytics-engine-queries-via-cloudflare-ts","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-f83x-p28r-pf74","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56255","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:50.803","lastModified":"2026-06-23T15:16:38.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate approximately 138 database write operations per request, causing degraded performance, increased costs, and potential service instability."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:20:47.897076Z","id":"CVE-2026-56255","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q2xx-6h9x-43fw","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-denial-of-service-via-unlimited-demo-app-creation","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q2xx-6h9x-43fw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56268","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:51.063","lastModified":"2026-06-25T16:50:57.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace that have no API key assigned, because the underlying query lacks any workspace filter. An attacker with a valid API key for one workspace can therefore retrieve the full ChatFlow configuration (including flowData with system prompts and node configurations, chatbotConfig, apiConfig, and credential IDs) of unprotected chatflows belonging to other workspaces."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.1.2","versionType":"semver","status":"affected"},{"version":"3.1.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:54:51.084245Z","id":"CVE-2026-56268","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.2","matchCriteriaId":"7CB8FEE7-C35E-4F6A-A394-033B158A1552"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-c2c9-mfw7-p8hw","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-cross-workspace-information-disclosure-via-chatflows-apikey-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-c2c9-mfw7-p8hw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56280","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:51.197","lastModified":"2026-06-24T19:17:13.437","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect() using the privileged server-side BUILDER_API_KEY when clients disconnect, bypassing the app.build_native permission check required by the explicit POST /build/cancel/:jobId endpoint. Attackers with read-only API keys can repeatedly disrupt native build operations and CI/CD workflows by opening the log stream and dropping the connection."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:04:44.259323Z","id":"CVE-2026-56280","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-95g7-xwwx-j737","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-privilege-inversion-in-build-log-stream-via-sse-disconnect","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-95g7-xwwx-j737","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56306","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:51.333","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header to disable limited key scoping and execute requests using the main API key context instead of restricted subkey permissions."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:11:21.691436Z","id":"CVE-2026-56306","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-42vv-8j94-24wj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-subkey-enforcement-bypass-via-x-limited-key-id-header-parsing","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-42vv-8j94-24wj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56311","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:51.470","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase key to disclose billing information including MAU, bandwidth, storage, and build time limits for any organization."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:25:36.403025Z","id":"CVE-2026-56311","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-v3jp-r95g-x4mm","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-cross-tenant-disclosure-via-get-current-plan-max-org-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-v3jp-r95g-x4mm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56314","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:51.603","lastModified":"2026-06-23T15:16:38.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain selectable. Attackers can continue deploying deleted bundles to devices by exploiting the missing app_versions.deleted filter in channel version joins."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.12","versionType":"semver","status":"affected"},{"version":"12.128.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:22:32.330310Z","id":"CVE-2026-56314","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-672"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-hqq2-87cp-j83x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-deleted-bundle-selection-via-missing-deletion-filter-in-updates-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-hqq2-87cp-j83x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56321","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:51.737","lastModified":"2026-06-23T15:16:38.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware layer. The handler still performs its own authorization check and returns Unauthorized, so no direct data exposure occurs; the flaw is inconsistent authentication enforcement across HTTP methods that could enable authorization bypass if the handler logic changes."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:53:42.602114Z","id":"CVE-2026-56321","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-6c9f-9v99-26ww","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-missing-authentication-middleware-on-get-private-role-bindings-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-6c9f-9v99-26ww","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56323","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:51.887","lastModified":"2026-06-23T16:17:05.287","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary app_id parameters to disclose internal rollout channels, enumerate valid applications across tenants, and leak billing status without authentication or device binding."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:55:19.676335Z","id":"CVE-2026-56323","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-469v-6vw5-hxpq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-channel-enumeration-and-app-oracle-via-get-channel-self","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-469v-6vw5-hxpq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56324","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:52.063","lastModified":"2026-06-24T16:16:33.923","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter. Attackers can send multiple requests per second by changing device_id values to flood the channel_devices table and cause database exhaustion."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:34:35.330936Z","id":"CVE-2026-56324","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-77p2-9rcr-5w27","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-rate-limit-bypass-via-user-controlled-device-id-parameter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-77p2-9rcr-5w27","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56326","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:52.207","lastModified":"2026-06-25T16:51:17.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redirect users to attacker-controlled sites via the Location header or meta-refresh, enabling phishing and OAuth authorization-code theft."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"4.0.0","lessThan":"4.4.7","versionType":"semver","status":"affected"},{"version":"4.4.7","versionType":"semver","status":"unaffected"}]},{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"0","lessThan":"3.21.7","versionType":"semver","status":"affected"},{"version":"3.21.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:12:07.872599Z","id":"CVE-2026-56326","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.21.7","matchCriteriaId":"FB921816-DB1C-43CD-A4BA-560E13018B10"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.4.7","matchCriteriaId":"5593E9B8-6F06-4319-B88F-10AA250EA551"}]}]}],"references":[{"url":"https://github.com/nuxt/nuxt/commit/1f2dd5e78c77576437138e97671965573c232835","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/commit/2cce6fb02e621196d56df92e05594e07469b5a6d","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/security/advisories/GHSA-c9cv-mq2m-ppp3","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/nuxt-server-side-open-redirect-via-path-normalization-bypass-in-navigateto","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56348","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:52.353","lastModified":"2026-06-24T16:46:14.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with credentials to unauthorized hosts, exfiltrating sensitive authentication data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.20.0","versionType":"semver","status":"affected"},{"version":"2.20.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":5.3},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:27:18.214693Z","id":"CVE-2026-56348","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionEndExcluding":"2.20.0","matchCriteriaId":"9A35A7CD-D769-463F-AE44-A1A74D1F099F"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionEndExcluding":"2.20.0","matchCriteriaId":"5D534BAE-4CE9-4FF5-B8FF-B7F531431551"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-3875-8gcx-7v46","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-credential-exfiltration-via-allowed-http-request-domains-bypass-in-dynamic-node-parameters-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56357","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:52.510","lastModified":"2026-06-24T16:47:01.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook events."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.15","versionType":"semver","status":"affected"},{"version":"1.123.15","versionType":"semver","status":"unaffected"},{"version":"2.0.0","lessThan":"2.5.0","versionType":"semver","status":"affected"},{"version":"2.5.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:24:49.624521Z","id":"CVE-2026-56357","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionEndExcluding":"1.123.15","matchCriteriaId":"7D72B2A3-9044-4BD8-9651-F03CEC82E591"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionEndExcluding":"1.123.15","matchCriteriaId":"69D40CCF-D7FD-4D50-B806-391CA1564A6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.5.0","matchCriteriaId":"56672A11-FDDD-4837-8ECF-2A236EFAD19E"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.5.0","matchCriteriaId":"F95AF1A7-B8EF-44C9-806B-A2482BB1A12E"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mqpr-49jj-32rc","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-webhook-forgery-via-missing-hmac-sha256-signature-verification-in-github-webhook-trigger","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56697","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:52.650","lastModified":"2026-06-25T16:55:20.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect users to attacker-controlled hosts, enabling phishing and OAuth authorization-code theft."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"4.0.0","lessThan":"4.4.7","versionType":"semver","status":"affected"},{"version":"4.4.7","versionType":"semver","status":"unaffected"}]},{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"0","lessThan":"3.21.7","versionType":"semver","status":"affected"},{"version":"3.21.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:49:36.157372Z","id":"CVE-2026-56697","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.21.7","matchCriteriaId":"FB921816-DB1C-43CD-A4BA-560E13018B10"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.4.7","matchCriteriaId":"5593E9B8-6F06-4319-B88F-10AA250EA551"}]}]}],"references":[{"url":"https://github.com/nuxt/nuxt/commit/6497d99dd106254abd089f6a263d7773869a343b","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/commit/e447a793c47766834f7497f8412a76cd56fd8ee1","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/security/advisories/GHSA-c9cv-mq2m-ppp3","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/nuxt-open-redirect-via-protocol-relative-paths-in-reloadnuxtapp","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56698","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-22T22:16:52.790","lastModified":"2026-06-25T16:56:19.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when user-controlled input is passed to navigateTo."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"4.0.0","lessThan":"4.4.7","versionType":"semver","status":"affected"},{"version":"4.4.7","versionType":"semver","status":"unaffected"}]},{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"0","lessThan":"3.21.7","versionType":"semver","status":"affected"},{"version":"3.21.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:55:50.302247Z","id":"CVE-2026-56698","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.21.7","matchCriteriaId":"FB921816-DB1C-43CD-A4BA-560E13018B10"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.4.7","matchCriteriaId":"5593E9B8-6F06-4319-B88F-10AA250EA551"}]}]}],"references":[{"url":"https://github.com/nuxt/nuxt/commit/3394716d4a913cba904b028df5338f2aead50032","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/commit/62fc32eddf648b00a3890141e0235d2a222b024d","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/security/advisories/GHSA-c9cv-mq2m-ppp3","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/nuxt-cross-site-scripting-via-navigateto-open-option","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47155","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:30.357","lastModified":"2026-06-24T16:49:17.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/default revision. This is a supply-chain integrity issue for pinned vLLM deployments. Operators can believe they are serving a reviewed model revision while vLLM resolves behavior-affecting nested or sibling artifacts outside that reviewed revision. This vulnerability is fixed in 0.22.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.22.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:34:39.566846Z","id":"CVE-2026-47155","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionEndExcluding":"0.22.0","matchCriteriaId":"981922E2-F268-4829-9CDE-3A165F3808B9"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/d26a28ab033697f55a1414b5b0435de7cd6045b6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/42616","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-3ww4-5jv9-j5gm","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://huntr.com/bounties/3f1e24c0-87d2-4f6c-a705-820f380879ac","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53923","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:30.737","lastModified":"2026-06-24T16:51:00.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. The unfilled portion of the output tensor retains whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users' inference requests, constituting information disclosure. This vulnerability is fixed in 0.23.1rc0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":">= 0.5.5, < 0.23.1rc0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:04:15.555317Z","id":"CVE-2026-53923","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-681"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionStartIncluding":"0.5.5","versionEndExcluding":"0.23.1","matchCriteriaId":"EC2E4E13-D3B7-4A9F-AF31-A9CD7753B6F4"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/f219788f91952827132fa4fdf916427cd20d225e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/44971","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-5jv2-g5wq-cmr4","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54232","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:30.873","lastModified":"2026-06-24T16:51:45.320","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY=\"unsafe-best-match\" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.22.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:29:54.064861Z","id":"CVE-2026-54232","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionEndExcluding":"0.22.1","matchCriteriaId":"D4FF370F-483A-4FD4-B11B-E1301D543856"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-jrf6-vqxq-pjv2","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54233","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:31.007","lastModified":"2026-06-24T16:52:33.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.23.1rc0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:15:37.427990Z","id":"CVE-2026-54233","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:-:*:*:*:*:*:*","versionEndExcluding":"0.23.1","matchCriteriaId":"9EDE9DB9-F40F-4D9E-A998-791758BF5C56"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/pull/44970","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-6pr9-rp53-2pmc","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54235","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:31.143","lastModified":"2026-06-24T16:53:13.890","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.23.1rc0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:25:28.448086Z","id":"CVE-2026-54235","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionEndExcluding":"0.23.1","matchCriteriaId":"BF7F1CE7-1A95-41E3-95A5-732906527D08"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/d598d239737cfa37bcfcb98886ec3f3557fc7198","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/45116","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-7h4p-rffg-7823","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54236","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T23:16:31.290","lastModified":"2026-06-24T16:53:59.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo str(exc) directly to clients without calling sanitize_message. The unsanitized sites include the Anthropic API router in vllm/entrypoints/anthropic/api_router.py (the POST /v1/messages and POST /v1/messages/count_tokens handlers), the Server-Sent Events streaming converter in vllm/entrypoints/anthropic/serving.py, and the realtime speech-to-text WebSocket in vllm/entrypoints/speech_to_text/realtime/connection.py. These paths catch the exception inside the route coroutine and construct the JSONResponse themselves, bypassing the sanitizing global FastAPI exception handler, and WebSocket frames do not traverse that handler chain at all. Using the same primitive as the parent issue, an unauthenticated attacker can send malformed image bytes through the Anthropic Messages API image content parts so that PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, leaking the heap memory address verbatim in the error.message field of the response body. This vulnerability is fixed in 0.23.1rc0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vllm-project","product":"vllm","versions":[{"version":"< 0.23.1rc0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:32:56.752434Z","id":"CVE-2026-54236","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*:*","versionEndExcluding":"0.23.1","matchCriteriaId":"BF7F1CE7-1A95-41E3-95A5-732906527D08"}]}]}],"references":[{"url":"https://github.com/vllm-project/vllm/commit/94923629729381d7f7c9efde72071a2441f7fd82","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vllm-project/vllm/pull/45119","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hgg8-fqqc-vfmw","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/vllm-project/vllm/security/advisories/GHSA-hgg8-fqqc-vfmw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11833","sourceIdentifier":"7168b535-132a-4efe-a076-338f829b2eb9","published":"2026-06-23T02:16:30.917","lastModified":"2026-06-23T15:06:20.217","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Overview: \nA vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could \nbe exploited by an attacker for other attacks. \n\nThe affected products and versions are as follows:\n\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\n\nCI Server (All packages) R1.01 to R1.04"}],"affected":[{"source":"7168b535-132a-4efe-a076-338f829b2eb9","affectedData":[{"vendor":"Yokogawa Electric Corporation","product":"FAST/TOOLS","defaultStatus":"unknown","versions":[{"version":"R9.01","lessThanOrEqual":"R10.04","versionType":"custom","status":"affected"}]},{"vendor":"Yokogawa Electric Corporation","product":"CI Server","defaultStatus":"unknown","versions":[{"version":"R1.01","lessThanOrEqual":"R1.04","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"7168b535-132a-4efe-a076-338f829b2eb9","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:17:05.794821Z","id":"CVE-2026-11833","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"7168b535-132a-4efe-a076-338f829b2eb9","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf","source":"7168b535-132a-4efe-a076-338f829b2eb9"}]}},{"cve":{"id":"CVE-2026-7842","sourceIdentifier":"contact@wpscan.com","published":"2026-06-23T07:16:20.187","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database. The ImportData module must be enabled via the Infility Global WordPress plugin before 2.15.20's module toggle page."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Infility Global","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.15.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:22:59.798017Z","id":"CVE-2026-7842","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/210303c4-0964-4a01-ac8e-13d7c7f424a2/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8163","sourceIdentifier":"contact@wpscan.com","published":"2026-06-23T07:16:20.910","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Infility Global","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.15.19","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:26:39.972790Z","id":"CVE-2026-8163","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/e471516a-6f43-4a89-8486-7a638845e197/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8172","sourceIdentifier":"contact@wpscan.com","published":"2026-06-23T07:16:21.007","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Simple Basic Contact Form","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"20250114","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:27:32.348004Z","id":"CVE-2026-8172","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/535ec1a1-b822-43c9-8264-6442199493d3/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8378","sourceIdentifier":"contact@wpscan.com","published":"2026-06-23T07:16:21.107","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Frontend File Manager Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"23.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:36:19.619140Z","id":"CVE-2026-8378","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/19f5dd94-b16c-4ad2-9586-d15ddecf9805/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-8379","sourceIdentifier":"contact@wpscan.com","published":"2026-06-23T07:16:21.203","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by any user through the Frontend File Manager Plugin WordPress plugin through 23.6 by iterating identifiers."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Frontend File Manager Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"23.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:23:49.153135Z","id":"CVE-2026-8379","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/71619406-19bb-437f-9538-fdf73de98827/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-10521","sourceIdentifier":"info@cert.vde.com","published":"2026-06-23T08:16:23.837","lastModified":"2026-06-23T14:33:10.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability."}],"affected":[{"source":"info@cert.vde.com","affectedData":[{"vendor":"MB connect line","product":"mbCONNECT24","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThan":"2.20.2","versionType":"semver","status":"affected"}]},{"vendor":"MB connect line","product":"mymbCONNECT24","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThan":"2.20.2","versionType":"semver","status":"affected"}]},{"vendor":"MB connect line","product":"mbCONNECT24","defaultStatus":"unaffected","versions":[{"version":"2.20.1","status":"affected"}]},{"vendor":"MB connect line","product":"mymbCONNECT24","defaultStatus":"unaffected","versions":[{"version":"2.20.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:28:07.155466Z","id":"CVE-2026-10521","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Secondary","description":[{"lang":"en","value":"CWE-425"}]}],"references":[{"url":"https://www.certvde.com/en/advisories/VDE-2026-068/","source":"info@cert.vde.com"}]}},{"cve":{"id":"CVE-2026-9733","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-23T08:16:26.037","lastModified":"2026-06-23T15:16:40.597","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.\n\nWhen no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function.\n\nA predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF)."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HAYAJO","product":"Mojolicious::Plugin::Web::Auth::OAuth2","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Mojolicious-Plugin-Web-Auth","programFiles":["lib/Mojolicious/Plugin/Web/Auth/OAuth2.pm"],"programRoutines":[{"name":"Mojolicious::Plugin::Web::Auth::OAuth2::_state_generator"}],"repo":"https://github.com/hayajo/Mojolicious-Plugin-Web-Auth","versions":[{"version":"0","lessThanOrEqual":"0.17","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:18:00.494484Z","id":"CVE-2026-9733","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"},{"lang":"en","value":"CWE-340"}]}],"references":[{"url":"https://datatracker.ietf.org/doc/html/rfc6749#section-10.12","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/HAYAJO/Mojolicious-Plugin-Web-Auth-0.17/source/lib/Mojolicious/Plugin/Web/Auth/OAuth2.pm#L129-131","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/patches/M/Mojolicious-Plugin-Web-Auth/0.17/CVE-2026-9733-r2.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/23/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-11374","sourceIdentifier":"0fc0942c-577d-436f-ae8e-945763c79b02","published":"2026-06-23T09:16:28.477","lastModified":"2026-06-24T17:16:56.437","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted\n by an unauthenticated user, leading to account takeover."}],"affected":[{"source":"0fc0942c-577d-436f-ae8e-945763c79b02","affectedData":[{"vendor":"zohocorp","product":"manageengine_adselfservice_plus","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"6529","versionType":"custom","status":"affected"}]},{"vendor":"zohocorp","product":"manageengine_recovery_manager_plus","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"6321","versionType":"custom","status":"affected"}]},{"vendor":"zohocorp","product":"manageengine_m365_manager_plus","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"4817","versionType":"custom","status":"affected"}]},{"vendor":"zohocorp","product":"manageengine_adaudit_plus","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"8703","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0fc0942c-577d-436f-ae8e-945763c79b02","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T03:56:06.337907Z","id":"CVE-2026-11374","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0fc0942c-577d-436f-ae8e-945763c79b02","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-330"},{"lang":"en","value":"CWE-340"}]}],"references":[{"url":"https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html","source":"0fc0942c-577d-436f-ae8e-945763c79b02"}]}},{"cve":{"id":"CVE-2026-4983","sourceIdentifier":"emo@eclipse.org","published":"2026-06-23T12:16:26.537","lastModified":"2026-06-24T16:55:25.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a malicious SVG icon and achieve stored cross-site scripting (XSS) when a user navigates directly to the icon URL.\n\n\n\n\nOn deployments using local storage, script execution occurs within the Open VSX application origin, enabling session hijacking, authentication token theft, and unauthorized extension publishing. On deployments backed by external storage (such as open-vsx.org with an S3-backed CDN), execution is confined to the storage origin, reducing impact but still permitting phishing attacks and credential harvesting through attacker-crafted pages."}],"affected":[{"source":"emo@eclipse.org","affectedData":[{"vendor":"Eclipse Foundation","product":"Eclipse Open VSX","defaultStatus":"unaffected","repo":"https://github.com/eclipse-openvsx/openvsx","versions":[{"version":"0.1.0","lessThan":"0.34.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:02:52.330281Z","id":"CVE-2026-4983","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:open_vsx:*:*:*:*:*:*:*:*","versionStartIncluding":"0.1.0","versionEndExcluding":"0.34.1","matchCriteriaId":"B6474281-0832-4C15-98E7-2D434AF8832F"}]}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/work_items/91","source":"emo@eclipse.org","tags":["Issue Tracking","Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2025-71337","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:38.233","lastModified":"2026-06-25T18:38:38.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the original email address or re-entering the current password. By changing the recovery email, an attacker can take over the account and abuse password reset mechanisms."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise-ui","versions":[{"version":"0","lessThan":"3.0.10","versionType":"semver","status":"affected"},{"version":"3.0.10","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:03:08.804669Z","id":"CVE-2025-71337","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-620"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.7","matchCriteriaId":"888908AB-ACAE-4C55-8A8E-1237230C936E"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x39m-3393-3qp4","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-unverified-email-change-via-account-profile-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x39m-3393-3qp4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-71341","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:38.370","lastModified":"2026-06-23T15:16:30.637","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.29","versionType":"semver","status":"affected"},{"version":"0.0.29","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:56:04.525681Z","id":"CVE-2025-71341","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-6vqj-c2q5-j97w","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-undetected-profile-profile-runctx","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-6vqj-c2q5-j97w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71365","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:38.617","lastModified":"2026-06-23T15:16:30.900","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.33","versionType":"semver","status":"affected"},{"version":"0.0.33","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:31:45.381769Z","id":"CVE-2025-71365","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3329-ghmp-jmv5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-numpy-f2py-crackfortran-myeval-detection-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3329-ghmp-jmv5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71370","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:38.743","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load()."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.28","versionType":"semver","status":"affected"},{"version":"0.0.28","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:37:23.874798Z","id":"CVE-2025-71370","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vr7h-p6mm-wpmh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-torch-jit-unsupported-tensor-ops-execwrapper","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vr7h-p6mm-wpmh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71376","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:38.870","lastModified":"2026-06-23T16:16:58.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.29","versionType":"semver","status":"affected"},{"version":"0.0.29","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:59:10.475567Z","id":"CVE-2025-71376","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7cq8-mj8x-j263","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-idlelib-autocomplete-autocomplete-fetch-completions","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7cq8-mj8x-j263","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-10711","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-06-23T13:16:39.410","lastModified":"2026-06-23T14:33:10.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects CafePlus: from 12.05.03 before 12.05.04."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"AKIN Software Computer Import Export Industry and Trade Ltd.","product":"CafePlus","defaultStatus":"unaffected","versions":[{"version":"12.05.03","lessThan":"12.05.04","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:39:05.635101Z","id":"CVE-2026-10711","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0428","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-10857","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-06-23T13:16:39.527","lastModified":"2026-06-23T14:33:10.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS.\n\nThis issue affects e-Commerce: before 1.25.01.06."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"AKIN Software Computer Import Export Industry and Trade Ltd.","product":"e-Commerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.01.06","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:05:05.088556Z","id":"CVE-2026-10857","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0427","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-44089","sourceIdentifier":"cvd@cert.pl","published":"2026-06-23T13:16:40.400","lastModified":"2026-06-23T14:33:10.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing data, as well as bricking the router.\n\nBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 9.3.5u.6146_B20201023 but may also affect other versions."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"Totolink","product":"EX1200L","defaultStatus":"unknown","versions":[{"version":"9.3.5u.6146_B20201023","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:32:36.793478Z","id":"CVE-2026-44089","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://cert.pl/en/posts/2026/06/CVE-2026-44089","source":"cvd@cert.pl"},{"url":"https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/217/ids/36.html","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-54892","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-06-23T13:16:43.167","lastModified":"2026-06-23T15:44:39.343","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2) parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many bracketed segments such as a[a][a][a]=1, the decoder walks the brackets and, for each of the N levels, performs a map operation keyed on an ever-growing binary prefix of the key, hashing the full byte range at each step. The total decode cost is therefore quadratic in the number of nesting levels.\n\nWith the default Plug.Parsers.URLENCODED body limit of 1,000,000 bytes, a single request can carry roughly 333,000 nesting levels and saturate a BEAM scheduler for minutes. A small number of concurrent requests can saturate all schedulers and render a Plug-based server unresponsive. No authentication or knowledge of application routes is required.\n\nThis vulnerability is associated with program files lib/plug/conn/query.ex and program routines Plug.Conn.Query.decode/4, Plug.Conn.Query.decode_each/2, Plug.Conn.Query.split_keys/6, Plug.Conn.Query.insert_keys/3, and Plug.Conn.Query.finalize_pointer/2.\n\nThis issue affects plug from 1.15.0 before 1.15.5, 1.16.4, 1.17.2, 1.18.3, and 1.19.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Conn.Query'"],"programFiles":["lib/plug/conn/query.ex"],"programRoutines":[{"name":"'Elixir.Plug.Conn.Query':decode/4"},{"name":"'Elixir.Plug.Conn.Query':decode_each/2"},{"name":"'Elixir.Plug.Conn.Query':split_keys/6"},{"name":"'Elixir.Plug.Conn.Query':insert_keys/3"},{"name":"'Elixir.Plug.Conn.Query':finalize_pointer/2"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:hex/plug","versions":[{"version":"1.15.0","lessThan":"1.15.5","versionType":"semver","status":"affected"},{"version":"1.16.0","lessThan":"1.16.4","versionType":"semver","status":"affected"},{"version":"1.17.0","lessThan":"1.17.2","versionType":"semver","status":"affected"},{"version":"1.18.0","lessThan":"1.18.3","versionType":"semver","status":"affected"},{"version":"1.19.0","lessThan":"1.19.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-plug","product":"plug","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-plug/plug","cpes":["cpe:2.3:a:elixir-plug:plug:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Plug.Conn.Query'"],"programFiles":["lib/plug/conn/query.ex"],"programRoutines":[{"name":"'Elixir.Plug.Conn.Query':decode/4"},{"name":"'Elixir.Plug.Conn.Query':decode_each/2"},{"name":"'Elixir.Plug.Conn.Query':split_keys/6"},{"name":"'Elixir.Plug.Conn.Query':insert_keys/3"},{"name":"'Elixir.Plug.Conn.Query':finalize_pointer/2"}],"repo":"https://github.com/elixir-plug/plug","packageURL":"pkg:github/elixir-plug/plug","versions":[{"version":"712b875d3442c765d8d37e546ffd5ad9f8afcc55","lessThan":"*","versionType":"git","status":"affected","changes":[{"at":"c317d08fdcf96e17931f7419275b2b8c4bf3e951","status":"unaffected"},{"at":"9c5d37c440eaae92869eed7c014c47266744fadb","status":"unaffected"},{"at":"d737eb236f17e31a36290e39f9ef3cd86a1343bd","status":"unaffected"},{"at":"d4e5568392a4b29e545b91e12e87d6098f976145","status":"unaffected"},{"at":"a61124aa625d819a218fb07f90afbac8aa85eb0e","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:03:58.893269Z","id":"CVE-2026-54892","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-54892.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/9c5d37c440eaae92869eed7c014c47266744fadb","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/a61124aa625d819a218fb07f90afbac8aa85eb0e","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/c317d08fdcf96e17931f7419275b2b8c4bf3e951","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/d4e5568392a4b29e545b91e12e87d6098f976145","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/commit/d737eb236f17e31a36290e39f9ef3cd86a1343bd","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-54892","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-plug/plug/security/advisories/GHSA-j43x-5hjq-rgxf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56222","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:44.097","lastModified":"2026-06-24T16:16:33.333","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by other organizations, enabling unauthorized read and modification of victim applications."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:59:23.718242Z","id":"CVE-2026-56222","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-5r52-m8r9-7f8x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-organization-app-takeover-via-mismatched-org-id-and-app-id-in-private-role-bindings","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-5r52-m8r9-7f8x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56225","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:44.250","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a single app via limited_to_apps are only checked for limited_to_orgs and not for limited_to_apps, so an app-scoped key can enumerate, update, and delete sibling API keys belonging to the same account that are outside its declared app scope, enabling tampering with account-level credentials."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:04:39.751719Z","id":"CVE-2026-56225","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-hwc7-j2p6-43xp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-authorization-bypass-in-api-key-management-via-app-limited-keys","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-hwc7-j2p6-43xp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56234","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:44.420","lastModified":"2026-06-23T15:16:38.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate limiting, enabling attackers to perform password spraying and credential stuffing attacks to compromise user accounts."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:56:45.482502Z","id":"CVE-2026-56234","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-f6v3-xv4g-79h5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-password-spraying-via-public-key-accessible-credential-validation-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-f6v3-xv4g-79h5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56243","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:44.553","lastModified":"2026-06-23T16:17:03.643","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforce_hashed_api_keys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to the PostgREST/RLS plane to access protected resources."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:32:52.799604Z","id":"CVE-2026-56243","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-6g74-8cpq-g2c8","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-hashed-api-key-enforcement-bypass-via-postgrest-rls-plane","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-6g74-8cpq-g2c8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56248","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:44.687","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection, unfiltered queries to the public.audit_logs endpoint using the public anon key consistently trigger statement timeouts (PostgREST error 57014). Under concurrency, this exhausts database resources and causes cascading HTTP 500 failures on unrelated endpoints (e.g. /orgs), resulting in an application-layer denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.12","versionType":"semver","status":"affected"},{"version":"12.128.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:24:52.029968Z","id":"CVE-2026-56248","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-5vgv-rqj5-5748","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-denial-of-service-via-audit-logs-rls-policy","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-5vgv-rqj5-5748","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56258","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:44.817","lastModified":"2026-06-25T18:38:53.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use (TOCTOU) attacks on the output_path parameter. Remote attackers can exploit insufficient path validation and symlink following to achieve arbitrary file write and potential code execution on systems where the runtime user has write access to executable or cron locations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Crawl4AI","product":"Crawl4AI","defaultStatus":"unaffected","packageURL":"pkg:pypi/crawl4ai","versions":[{"version":"0","lessThan":"0.8.8","versionType":"semver","status":"affected"},{"version":"0.8.8","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:00:47.564503Z","id":"CVE-2026-56258","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.8","matchCriteriaId":"90CC6E6D-1EFB-46A5-990C-F095A97185EE"}]}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-7cx2-g3h9-382p","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/crawl4ai-arbitrary-file-write-via-output-path-symlink-and-toctou","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56263","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:44.947","lastModified":"2026-06-25T18:39:04.983","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing the dashboard."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Crawl4AI","product":"Crawl4AI","defaultStatus":"unaffected","packageURL":"pkg:pypi/crawl4ai","versions":[{"version":"0","lessThan":"0.8.7","versionType":"semver","status":"affected"},{"version":"0.8.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:11:37.409189Z","id":"CVE-2026-56263","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.7","matchCriteriaId":"5C153B68-AA3F-4755-BA13-E98AAB321695"}]}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/crawl4ai-stored-cross-site-scripting-in-monitor-dashboard","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56274","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:45.083","lastModified":"2026-06-25T18:39:19.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions for chatflows, can configure a malicious MCP server to bypass the validateCommandFlags blocklist (for example, 'docker build' is not blocked, and 'npx --yes' is not blocked while only '-y' is) and the validateArgsForLocalFileAccess checks, resulting in execution of arbitrary commands on the Flowise host."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.1.2","versionType":"semver","status":"affected"},{"version":"3.1.2","versionType":"semver","status":"unaffected"}]},{"vendor":"Flowise","product":"Flowise Components","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise-components","versions":[{"version":"0","lessThan":"3.1.2","versionType":"semver","status":"affected"},{"version":"3.1.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:05:16.597724Z","id":"CVE-2026-56274","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.2","matchCriteriaId":"7CB8FEE7-C35E-4F6A-A394-033B158A1552"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-m99r-2hxc-cp3q","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-remote-code-execution-via-mcp-security-bypass-in-validatecommandflags-and-validateargsforlocalfileaccess","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-m99r-2hxc-cp3q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56275","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:45.223","lastModified":"2026-06-25T18:39:37.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata, and enumerate internal services by exploiting the missing secureFetch verification in httpSecurity.ts."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.1.0","versionType":"semver","status":"affected"},{"version":"3.1.0","versionType":"semver","status":"unaffected"}]},{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise-components","versions":[{"version":"0","lessThan":"3.1.0","versionType":"semver","status":"affected"},{"version":"3.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:57:38.439593Z","id":"CVE-2026-56275","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"CB30DB8F-4F72-4FD3-90FB-8331F1CBB78E"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9hrv-gvrv-6gf2","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-server-side-request-forgery-via-execute-flow-base-url","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56301","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:45.373","lastModified":"2026-06-25T18:39:47.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit the unprotected module request handler to read arbitrary files such as .env and SSH keys through the SSR plugin pipeline. Production builds are unaffected, as the IPC server runs only in development."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"4.0.0","lessThan":"4.4.7","versionType":"semver","status":"affected"},{"version":"4.4.7","versionType":"semver","status":"unaffected"}]},{"vendor":"Nuxt","product":"Nuxt","defaultStatus":"unaffected","packageURL":"pkg:npm/nuxt","versions":[{"version":"3.18.0","lessThan":"3.21.7","versionType":"semver","status":"affected"},{"version":"3.21.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:34:12.684151Z","id":"CVE-2026-56301","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.0","versionEndExcluding":"3.21.7","matchCriteriaId":"EC6E4941-4776-49D5-8C51-97E615877A77"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.4.7","matchCriteriaId":"5593E9B8-6F06-4319-B88F-10AA250EA551"}]}]}],"references":[{"url":"https://github.com/nuxt/nuxt/commit/1f9f4767a8725104da9bee872bb8d35246f25ae5","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/commit/c293bf9503ccb3bc9559bff4a1f592f99063c9ea","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/nuxt/nuxt/security/advisories/GHSA-534h-c3cw-v3h9","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/nuxt-arbitrary-file-read-via-world-connectable-vite-node-ipc-socket-on-linux","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56315","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:45.770","lastModified":"2026-06-23T14:52:58.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked modules to achieve remote code execution while bypassing picklescan's safety validation entirely."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"1.0.4","versionType":"semver","status":"affected"},{"version":"1.0.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:16:44.710246Z","id":"CVE-2026-56315","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-g38g-8gr9-h9xp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-unblocked-standard-library-modules","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-g38g-8gr9-h9xp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56322","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:45.903","lastModified":"2026-06-23T16:17:04.287","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attackers can probe private channel names and distinguish valid channels from nonexistent ones based on response differences, revealing assigned bundle versions and platform-specific configuration details."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:01:12.725694Z","id":"CVE-2026-56322","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-pgmr-gw53-7f77","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-information-disclosure-via-unauthenticated-updates-defaultchannel-parameter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-pgmr-gw53-7f77","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56376","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:46.397","lastModified":"2026-06-24T14:41:30.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-15","versionType":"semver","status":"affected"},{"version":"7.1.2-15","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-40","versionType":"semver","status":"affected"},{"version":"6.9.13-40","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:06:03.212009Z","id":"CVE-2026-56376","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-40","matchCriteriaId":"C6F44A65-1733-4752-AAD0-BCCC7BDBC877"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-15","matchCriteriaId":"6AFFD439-1068-4B6F-AE01-724AC62CDCEA"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-heap-use-after-free-in-meta-coder","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56701","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:46.667","lastModified":"2026-06-23T16:17:06.540","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads via malicious SVG files to exfiltrate sensitive data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Grav","product":"Grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.0-beta.2","versionType":"semver","status":"affected"},{"version":"2.0.0-beta.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:35:03.732699Z","id":"CVE-2026-56701","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-3446-6mgw-f79p","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-xml-external-entity-injection-via-svg-upload","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-3446-6mgw-f79p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56762","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:46.813","lastModified":"2026-06-24T13:16:37.203","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \\r or \\n) when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie header values. In modern runtimes such as Node.js and Cloudflare Workers, such invalid header values are rejected and cause a runtime error before the response is sent, so header injection or response splitting could not be reproduced; the issue primarily affects correctness and robustness, resulting in runtime errors (availability) rather than confirmed header injection."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Hono","product":"Hono","defaultStatus":"unaffected","packageURL":"pkg:npm/hono","versions":[{"version":"0","lessThan":"4.12.12","versionType":"semver","status":"affected"},{"version":"4.12.12","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:07:54.410163Z","id":"CVE-2026-56762","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/honojs/hono/security/advisories/GHSA-26pp-8wgv-hjvm","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hono-missing-cookie-name-validation-in-setcookie","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56784","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:46.980","lastModified":"2026-06-23T22:16:32.287","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms() method in AlarmResourceImpl.java omits realm-scoping validation in its JPA query, enabling any user with alarm-write permissions to enumerate sequential auto-increment alarm IDs and delete cross-tenant alarm records without authorization."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openremote","product":"openremote","defaultStatus":"unaffected","repo":"https://github.com/openremote/openremote","versions":[{"version":"0","lessThan":"1.25.0","versionType":"semver","status":"affected"},{"version":"1.25.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:02:05.383363Z","id":"CVE-2026-56784","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-h3m5-97jq-qjrf","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openremote-cross-tenant-idor-in-bulk-alarm-deletion","source":"disclosure@vulncheck.com"},{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-h3m5-97jq-qjrf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-11772","sourceIdentifier":"cvd@cert.pl","published":"2026-06-23T14:17:22.183","lastModified":"2026-06-23T15:16:32.867","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cvd@cert.pl","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.\n\nProduct is in End Of Life phase and will not receive any updates. However, deleting info.php file mitigates the vulnerability,"}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"DRIMO","product":"DRIMO CMS","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:58:41.249206Z","id":"CVE-2026-11772","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"http://www.drimo.pl/cms","source":"cvd@cert.pl"},{"url":"https://cert.pl/posts/2026/06/CVE-2026-11772","source":"cvd@cert.pl"}]}},{"cve":{"id":"CVE-2026-27604","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T15:16:33.700","lastModified":"2026-06-23T16:16:59.247","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to the cron admin identity, attackers can invoke admin API methods without valid credentials, session, or CSRF token. Version 0.8.0 patches the issue. Some workarounds are available. Block external access to `/api/system/*` at reverse proxy/WAF, restrict API access by trusted source IPs only (`api.allowed_ips`), rotate all admin/client API tokens immediately, invalidate active sessions and reset high-privilege credentials, and/or review API request logs for suspicious `/api/system/` access and treat as potential incident."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.5.4, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:11:05.254896Z","id":"CVE-2026-27604","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-57mv-jm88-66jc","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-78x5-c8gw-8279","source":"security-advisories@github.com"},{"url":"https://www.vulncheck.com/blog/fossbilling-auth-bypass-ssti-rce","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-28496","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T15:16:33.850","lastModified":"2026-06-23T16:16:59.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custom payment adapters, and the `string_render` API endpoint) can inject arbitrary Twig expressions, leading to information disclosure and remote code execution. The vulnerability exists because Twig templates are rendered without a sandbox, allowing access to the full Twig environment, API context, and the application's dependency injection container. Version 0.8.0 patches the issue. Some workarounds are available. Audit existing email templates for suspicious Twig expressions, rotate all admin and client API tokens, and/or block external access to /api/system/* at reverse proxy/WAF to mitigate chaining with GHSA-78x5-c8gw-8279."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:02:54.282718Z","id":"CVE-2026-28496","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-57mv-jm88-66jc","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-78x5-c8gw-8279","source":"security-advisories@github.com"},{"url":"https://www.vulncheck.com/blog/fossbilling-auth-bypass-ssti-rce","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-35018","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T15:16:33.990","lastModified":"2026-06-24T16:16:29.457","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function. Attackers can exploit the unsafe concatenation of user-supplied input into a shell command string passed to rut_doSystemAction without sanitization to achieve full root-level command execution on the underlying operating system."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"NetComm Wireless Pty Ltd","product":"NF20MESH","defaultStatus":"affected","versions":[{"version":"0","lessThan":"R6B032","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:04:32.446467Z","id":"CVE-2026-35018","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://signal11.io/advisories/netcomm-nf20-mesh-remote-code-execution","source":"disclosure@vulncheck.com"},{"url":"https://support.netcommwireless.com/api/Media/Firmware/4407c21d-e990-49a4-9754-b72475f20c76?Product=NF20MESH%20Release%20Notes.pdf","source":"disclosure@vulncheck.com"},{"url":"https://support.netcommwireless.com/products/nf20mesh#Firmware","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/netcomm-nf20mesh-r6b032-authenticated-rce-via-os-command-injection","source":"disclosure@vulncheck.com"},{"url":"https://signal11.io/advisories/netcomm-nf20-mesh-remote-code-execution","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-35019","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T15:16:34.140","lastModified":"2026-06-23T16:16:59.460","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks to obtain full administrative control of the management interface while any legitimate administrator session is active."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"NetComm Wireless Pty Ltd","product":"NF20MESH","defaultStatus":"affected","versions":[{"version":"0","lessThan":"R6B032","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:11:11.964483Z","id":"CVE-2026-35019","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"references":[{"url":"https://signal11.io/advisories/netcomm-nf20-mesh-authentication-bypass","source":"disclosure@vulncheck.com"},{"url":"https://support.netcommwireless.com/api/Media/Firmware/4407c21d-e990-49a4-9754-b72475f20c76?Product=NF20MESH%20Release%20Notes.pdf","source":"disclosure@vulncheck.com"},{"url":"https://support.netcommwireless.com/products/nf20mesh#Firmware","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/netcomm-nf20mesh-r6b032-hardcoded-aes-key-authentication-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-15619","sourceIdentifier":"psirt@hcl.com","published":"2026-06-23T16:16:58.393","lastModified":"2026-06-25T20:20:44.730","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"Connections","defaultStatus":"unaffected","versions":[{"version":"7.0, 8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:46:45.426418Z","id":"CVE-2025-15619","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130163","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2025-62180","sourceIdentifier":"security@pega.com","published":"2026-06-23T16:16:58.660","lastModified":"2026-06-23T19:34:58.770","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs."}],"affected":[{"source":"security@pega.com","affectedData":[{"vendor":"Pegasystems","product":"Pega Infinity","defaultStatus":"unaffected","versions":[{"version":"8.3.0","lessThan":"Infinity 25.1.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@pega.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:31:00.662432Z","id":"CVE-2025-62180","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@pega.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://support.pega.com/support-doc/pega-security-advisory-h26-vulnerability-remediation-note","source":"security@pega.com"},{"url":"https://support.pega.com/support-doc/pega-security-advisory-i25-vulnerability-remediation-note","source":"security@pega.com"}]}},{"cve":{"id":"CVE-2026-54303","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:01.700","lastModified":"2026-06-25T18:39:59.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. This vulnerability is fixed in 2.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 2.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:51:42.388128Z","id":"CVE-2026-54303","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.24.0","matchCriteriaId":"CF2188B0-C12E-4747-BB46-B03234B977E2"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-h86q-fx34-gfjr","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54309","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:01.860","lastModified":"2026-06-25T18:40:16.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Where the n8n AI Browser Bridge extension is installed and a browser connection is active, an unauthenticated caller can access browser-control capabilities including navigation, JavaScript evaluation, and cookie and storage access against the user's real browser profile. This issue only affects instances where @n8n/mcp-browser is run with the HTTP transport (--transport http). This vulnerability is fixed in 2.25.7 and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":">= 2.26.0, < 2.26.2","status":"affected"},{"version":"< 2.25.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:45:10.329452Z","id":"CVE-2026-54309","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.25.7","matchCriteriaId":"BF3AA8D6-D35E-4D7B-B4E5-819275C0C91B"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-qrx8-25qr-5r7v","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54310","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:01.990","lastModified":"2026-06-25T18:41:18.033","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database account. This vulnerability is fixed in 2.25.7 and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":">= 2.26.0, < 2.26.2","status":"affected"},{"version":"< 2.25.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:46:26.089057Z","id":"CVE-2026-54310","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.25.7","matchCriteriaId":"BF3AA8D6-D35E-4D7B-B4E5-819275C0C91B"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-c37g-w77q-m4vp","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54311","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:02.127","lastModified":"2026-06-25T18:41:32.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by one user's workflow persist into subsequent Merge SQL executions belonging to other users or projects. This allowed a low-privileged attacker to intercept workflow data processed by other users on the same instance. This issue only affects multi-user n8n instances where more than one user has permission to create and execute workflows containing the Merge node in SQL Query mode. This vulnerability is fixed in 2.25.7 and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":">= 2.26.0, < 2.26.2","status":"affected"},{"version":"< 2.25.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:45:14.037205Z","id":"CVE-2026-54311","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-488"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.25.7","matchCriteriaId":"BF3AA8D6-D35E-4D7B-B4E5-819275C0C91B"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-9c38-2mcm-q7f7","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54312","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:02.297","lastModified":"2026-06-25T18:41:59.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype process-wide for the lifetime of the n8n server process, causing application-wide validation failures and rendering the n8n instance completely non-functional until restarted. This vulnerability is fixed in 2.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 2.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:07:39.062242Z","id":"CVE-2026-54312","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.24.0","matchCriteriaId":"CF2188B0-C12E-4747-BB46-B03234B977E2"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-x6p3-m6h9-fx7r","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54313","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:02.587","lastModified":"2026-06-25T18:42:11.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with attacker-controlled content. This vulnerability is fixed in 2.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 2.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:32:10.879352Z","id":"CVE-2026-54313","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.24.0","matchCriteriaId":"CF2188B0-C12E-4747-BB46-B03234B977E2"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jpq7-226w-6cxx","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54314","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:02.720","lastModified":"2026-06-25T18:42:34.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing the n8n process to terminate due to memory exhaustion and disrupting all workflows in the same instance. This vulnerability is fixed in 2.24.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 2.24.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:56:18.584974Z","id":"CVE-2026-54314","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.24.0","matchCriteriaId":"CF2188B0-C12E-4747-BB46-B03234B977E2"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jqpw-qww5-cj4c","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55568","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:02.990","lastModified":"2026-06-26T19:34:13.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPT_PROXYUSERPWD) are sent without encryption, and the CONNECT target host and port for tunneled HTTPS requests are exposed. The built-in cURL handlers (GuzzleHttp\\Handler\\CurlHandler and GuzzleHttp\\Handler\\CurlMultiHandler, used by default whenever the PHP cURL extension is available) accept an https:// proxy. libcurl older than 7.50.2 silently treats an https:// proxy as a plaintext http:// proxy. The TLS connection to the proxy is never established, and the proxy leg is cleartext with no error or warning. An application is affected when it sends requests through one of the built-in cURL handlers, configures an https:// proxy expecting the proxy connection itself to be encrypted, and runs with libcurl older than 7.50.2. This vulnerability is fixed in 7.12.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"guzzle","product":"guzzle","versions":[{"version":"< 7.12.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:44:34.695690Z","id":"CVE-2026-55568","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-311"},{"lang":"en","value":"CWE-319"},{"lang":"en","value":"CWE-636"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:guzzlephp:guzzle:*:*:*:*:*:*:*:*","versionEndExcluding":"7.12.1","matchCriteriaId":"F4DA5939-7C26-4452-A790-9A0457E04DE4"}]}]}],"references":[{"url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-wpwq-4j6v-78m3","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-55767","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T16:17:03.263","lastModified":"2026-06-26T19:34:41.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain() removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::validate() only rejected a strictly empty domain, so these cookies could be stored and the empty normalized domain was treated as matching any request host. An attacker-controlled origin that an application requests with a shared cookie jar can therefore set a cookie that Guzzle later sends to unrelated hosts using the same jar. This may allow cookie injection or session fixation against downstream services, depending on how those services interpret the injected cookie. This vulnerability is fixed in 7.12.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"guzzle","product":"guzzle","versions":[{"version":"< 7.12.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:47:47.323538Z","id":"CVE-2026-55767","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-1286"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:guzzlephp:guzzle:*:*:*:*:*:*:*:*","versionEndExcluding":"7.12.1","matchCriteriaId":"F4DA5939-7C26-4452-A790-9A0457E04DE4"}]}]}],"references":[{"url":"https://github.com/guzzle/guzzle/security/advisories/GHSA-cwxw-98qj-8qjx","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56402","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T16:17:05.397","lastModified":"2026-06-23T18:18:10.500","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nanocoai","product":"nanoclaw","defaultStatus":"unaffected","repo":"https://github.com/nanocoai/nanoclaw","packageURL":"pkg:npm/nanoclaw","versions":[{"version":"0","lessThan":"2.1.17","versionType":"semver","status":"affected"},{"version":"2.1.17","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:46:15.703007Z","id":"CVE-2026-56402","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/nanocoai/nanoclaw/commit/6227bd1a5b016fb1eb76411bb6681b4c924a51a0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nanocoai/nanoclaw/pull/2478","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/nanoclaw-privilege-escalation-via-unverified-approval-response-handler","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nanocoai/nanoclaw/pull/2478","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56692","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T16:17:05.753","lastModified":"2026-06-24T15:16:42.857","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nanocoai","product":"nanoclaw","defaultStatus":"unaffected","repo":"https://github.com/nanocoai/nanoclaw","packageURL":"pkg:npm/nanoclaw","versions":[{"version":"0","lessThan":"2.1.17","versionType":"semver","status":"affected"},{"version":"2.1.17","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:57:57.281930Z","id":"CVE-2026-56692","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/nanocoai/nanoclaw/commit/28032bc0eca76c91fb3d8be0013e8bcaf2f5aeae","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nanocoai/nanoclaw/pull/2468","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/nanoclaw-arbitrary-file-read-via-symlink-following-in-forwardattachedfiles","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56693","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T16:17:05.887","lastModified":"2026-06-23T17:58:20.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nanocoai","product":"nanoclaw","defaultStatus":"unaffected","repo":"https://github.com/nanocoai/nanoclaw","packageURL":"pkg:npm/nanoclaw","versions":[{"version":"0","lessThan":"2.1.17","versionType":"semver","status":"affected"},{"version":"2.1.17","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:47:48.499266Z","id":"CVE-2026-56693","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-602"}]}],"references":[{"url":"https://github.com/nanocoai/nanoclaw/commit/ac37ecbfd6b9d14fdfa1598a6412a8ffdbeaef45","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nanocoai/nanoclaw/pull/2720","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/nanoclaw-privilege-escalation-via-unauthorized-create-agent-system-action","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56694","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T16:17:06.040","lastModified":"2026-06-23T18:18:10.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channels into out-of-scope agent groups, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nanocoai","product":"nanoclaw","defaultStatus":"unaffected","repo":"https://github.com/nanocoai/nanoclaw","packageURL":"pkg:npm/nanoclaw","versions":[{"version":"0","lessThan":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:51:29.386797Z","id":"CVE-2026-56694","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/nanocoai/nanoclaw/commit/0eef8fafdd7c475ab5fd8d37ea566a81e74cd834","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nanocoai/nanoclaw/pull/2566","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/nanoclaw-privilege-escalation-via-forged-channel-approval-callback","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56695","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T16:17:06.170","lastModified":"2026-06-24T15:16:42.977","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and file paths via shared gateway channels."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"HKUDS","product":"OpenHarness","defaultStatus":"unaffected","repo":"https://github.com/HKUDS/OpenHarness","packageURL":"pkg:pypi/openharness-ai","versions":[{"version":"0","lessThanOrEqual":"0.1.9","versionType":"semver","status":"affected"},{"version":"92e298852c9b9c8c2266236292073623418c640a","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:53:56.767403Z","id":"CVE-2026-56695","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/92e298852c9b9c8c2266236292073623418c640a","source":"disclosure@vulncheck.com"},{"url":"https://github.com/HKUDS/OpenHarness/pull/276","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openharness-cross-session-disclosure-via-resume-and-summary-commands","source":"disclosure@vulncheck.com"},{"url":"https://github.com/HKUDS/OpenHarness/pull/276","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56696","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T16:17:06.297","lastModified":"2026-06-23T17:58:20.160","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments.md files, which are subsequently injected into runtime system prompts, persistently influencing local agent behavior."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"HKUDS","product":"OpenHarness","defaultStatus":"unaffected","repo":"https://github.com/HKUDS/OpenHarness","packageURL":"pkg:pypi/openharness-ai","versions":[{"version":"0","lessThanOrEqual":"0.1.9","versionType":"semver","status":"affected"},{"version":"27bb93b810e9ea8fa4832eab7152eeb3b4a6bffb","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:45:57.947347Z","id":"CVE-2026-56696","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/27bb93b810e9ea8fa4832eab7152eeb3b4a6bffb","source":"disclosure@vulncheck.com"},{"url":"https://github.com/HKUDS/OpenHarness/pull/272","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openharness-prompt-injection-via-issue-and-pr-comments-slash-commands","source":"disclosure@vulncheck.com"},{"url":"https://github.com/HKUDS/OpenHarness/pull/272","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-13162","sourceIdentifier":"cybersecurity@ch.abb.com","published":"2026-06-23T17:16:36.707","lastModified":"2026-06-25T20:12:38.967","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master.\n\nThis issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1."}],"affected":[{"source":"cybersecurity@ch.abb.com","affectedData":[{"vendor":"ABB","product":"Control Builder A","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4/4","versionType":"custom","status":"affected"}]},{"vendor":"ABB","product":"800xA for Advant Master","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.3-1","versionType":"custom","status":"affected"},{"version":"0","lessThanOrEqual":"6.1.1-1","versionType":"custom","status":"affected"},{"version":"6.1.1-3","versionType":"custom","status":"affected"},{"version":"6.2.0-1","versionType":"custom","status":"affected"},{"version":"6.1.1-2","versionType":"custom","status":"unaffected"},{"version":"6.1.1-4","versionType":"custom","status":"unaffected"},{"version":"6.2.0-2","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:20:43.036189Z","id":"CVE-2025-13162","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@ch.abb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=7PAA020047&LanguageCode=en&DocumentPartId=&Action=Launch","source":"cybersecurity@ch.abb.com"}]}},{"cve":{"id":"CVE-2025-61019","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T17:16:38.960","lastModified":"2026-06-25T20:17:08.800","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:54:04.078923Z","id":"CVE-2025-61019","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openlink/virtuoso-opensource/issues/1222","source":"cve@mitre.org"},{"url":"https://github.com/openlink/virtuoso-opensource/issues/1222","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-61021","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T17:16:39.160","lastModified":"2026-06-25T20:17:08.983","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:33:40.391270Z","id":"CVE-2025-61021","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openlink/virtuoso-opensource/issues/1223","source":"cve@mitre.org"},{"url":"https://github.com/openlink/virtuoso-opensource/issues/1223","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-61022","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T17:16:39.267","lastModified":"2026-06-23T18:17:40.150","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:57:16.058735Z","id":"CVE-2025-61022","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openlink/virtuoso-opensource/issues/1226","source":"cve@mitre.org"},{"url":"https://github.com/openlink/virtuoso-opensource/issues/1226","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-61025","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T17:16:39.460","lastModified":"2026-06-23T18:17:40.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:54:41.379423Z","id":"CVE-2025-61025","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"},{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/openlink/virtuoso-opensource/issues/1229","source":"cve@mitre.org"},{"url":"https://github.com/openlink/virtuoso-opensource/issues/1229","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-61027","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T17:16:39.560","lastModified":"2026-06-25T18:16:37.430","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T16:34:03.276026Z","id":"CVE-2025-61027","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openlink/virtuoso-opensource/issues/1232","source":"cve@mitre.org"},{"url":"https://github.com/openlink/virtuoso-opensource/issues/1232","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12957","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-06-23T17:16:40.977","lastModified":"2026-06-23T19:36:18.347","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted.\n\n\n\nTo remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"Amazon Web Services","product":"Language Servers for AWS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.65.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:48:30.691572Z","id":"CVE-2026-12957","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-047-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/aws/language-servers/security/advisories/GHSA-xhcr-j4j9-3gh7","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-12958","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-06-23T17:16:41.120","lastModified":"2026-06-23T19:36:18.347","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary.\n\n\n\nTo remediate this issue, users should upgrade to version 1.69.0 or higher."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"Amazon Web Services","product":"Language Servers for AWS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.69.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:56:07.932599Z","id":"CVE-2026-12958","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-61"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-047-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/aws/language-servers/security/advisories/GHSA-6v3r-4p5c-mrp5","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-13007","sourceIdentifier":"vulnreport@tenable.com","published":"2026-06-23T17:16:41.243","lastModified":"2026-06-25T19:10:00.050","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied."}],"affected":[{"source":"vulnreport@tenable.com","affectedData":[{"vendor":"tenable","product":"Tenable Identity Exposure","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.93.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:47:42.661656Z","id":"CVE-2026-13007","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-524"}]}],"references":[{"url":"https://www.tenable.com/security/research/tns-2026-16","source":"vulnreport@tenable.com"}]}},{"cve":{"id":"CVE-2026-33760","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:16:52.790","lastModified":"2026-06-26T17:10:06.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated user can read, modify, rename, or permanently delete another user's data by supplying the target's resource ID or flow_id. This is a classic IDOR/BOLA vulnerability. Notably, the same source file (monitor.py) contains one correctly-implemented endpoint that uses an ownership check, demonstrating the correct pattern was known but inconsistently applied. This vulnerability is fixed in 1.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T03:56:24.929322Z","id":"CVE-2026-33760","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.0","matchCriteriaId":"D51A889E-5C89-4A92-B32B-C91EAF735430"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-9c59-2mvc-vfr8","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34912","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:53.483","lastModified":"2026-06-23T18:17:43.373","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting in inconsistent ownership relationships. Ownership validation has been added to ensure that banners and campaigns can only be linked to zones managed by the same account."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:41:45.454939Z","id":"CVE-2026-34912","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://hackerone.com/reports/3650504","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-34913","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:53.597","lastModified":"2026-06-23T18:17:43.463","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership relationships. Ownership validation has been added to ensure that campaigns can only be linked to trackers owned by the same advertiser."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:22:59.326404Z","id":"CVE-2026-34913","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://hackerone.com/reports/3650582","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-34914","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:53.700","lastModified":"2026-06-23T18:17:43.553","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:26:49.088971Z","id":"CVE-2026-34914","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://hackerone.com/reports/3653196","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-34915","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:53.807","lastModified":"2026-06-23T18:17:43.643","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:42:07.541202Z","id":"CVE-2026-34915","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://hackerone.com/reports/3653316","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-34916","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:53.910","lastModified":"2026-06-23T18:17:43.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Input sanitisation has been improved to ensure that the parameter is properly validated."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive Adserver","product":"Revive Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:26:07.837348Z","id":"CVE-2026-34916","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://hackerone.com/reports/3656781","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-34917","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:54.013","lastModified":"2026-06-25T19:52:36.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context (web/API) is now recorded along with other session data, preventing session IDs from being used interchangeably."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:24:37.052853Z","id":"CVE-2026-34917","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://hackerone.com/reports/3672641","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-42867","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:16:58.857","lastModified":"2026-06-26T17:09:16.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (POST /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw to create directories and write files anywhere on the server's filesystem. This vulnerability is fixed in 1.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:01:29.364041Z","id":"CVE-2026-42867","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.0","matchCriteriaId":"D51A889E-5C89-4A92-B32B-C91EAF735430"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/pull/12337","source":"security-advisories@github.com","tags":["Patch","Issue Tracking"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-79ph-745m-6wxq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-79ph-745m-6wxq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44789","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:16:59.290","lastModified":"2026-06-24T15:16:40.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.43","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.20.7","status":"affected"},{"version":">= 2.21.0, < 2.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:01:28.205914Z","id":"CVE-2026-44789","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.43","matchCriteriaId":"9BE8A466-5048-4E10-AD9C-0C71EDF89B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.20.7","matchCriteriaId":"D93F4962-6B89-45B6-9697-DC611A6ABA5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.21.0","versionEndExcluding":"2.22.1","matchCriteriaId":"080C6B5D-94B3-466D-9B60-D8B862E32A54"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-c8xv-5998-g76h","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44790","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:16:59.417","lastModified":"2026-06-24T13:54:08.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.43","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.20.7","status":"affected"},{"version":">= 2.21.0, < 2.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:33:12.113682Z","id":"CVE-2026-44790","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.43","matchCriteriaId":"9BE8A466-5048-4E10-AD9C-0C71EDF89B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.20.7","matchCriteriaId":"D93F4962-6B89-45B6-9697-DC611A6ABA5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.21.0","versionEndExcluding":"2.22.1","matchCriteriaId":"080C6B5D-94B3-466D-9B60-D8B862E32A54"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-57g9-58c2-xjg3","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44791","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:16:59.547","lastModified":"2026-06-24T13:57:35.403","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.43","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.20.7","status":"affected"},{"version":">= 2.21.0, < 2.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:09:36.219871Z","id":"CVE-2026-44791","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.43","matchCriteriaId":"9BE8A466-5048-4E10-AD9C-0C71EDF89B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.20.7","matchCriteriaId":"D93F4962-6B89-45B6-9697-DC611A6ABA5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.21.0","versionEndExcluding":"2.22.1","matchCriteriaId":"080C6B5D-94B3-466D-9B60-D8B862E32A54"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44792","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:16:59.670","lastModified":"2026-06-24T13:55:55.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection on the internal PostgreSQL instance. Exploitation requires the n8n instance uses PostgreSQL as its database backend, the Source Control feature is enabled and connected to a repository the attacker can write to, and an administrator triggers a Source Control Pull. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.43","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.20.7","status":"affected"},{"version":">= 2.21.0, < 2.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:43:59.738471Z","id":"CVE-2026-44792","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.43","matchCriteriaId":"9BE8A466-5048-4E10-AD9C-0C71EDF89B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.20.7","matchCriteriaId":"D93F4962-6B89-45B6-9697-DC611A6ABA5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.21.0","versionEndExcluding":"2.22.1","matchCriteriaId":"080C6B5D-94B3-466D-9B60-D8B862E32A54"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mhrx-qhrj-673w","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44956","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:59.797","lastModified":"2026-06-25T19:52:36.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious JavaScript payload executed due to missing output sanitisation. Proper escaping has been added to the userlog details output."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:25:08.922453Z","id":"CVE-2026-44956","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://hackerone.com/reports/3669623","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-44957","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:16:59.900","lastModified":"2026-06-23T18:17:51.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with CVE‑2026‑34917 or with third‑party API extensions that expose API functionality to low‑privileged users. Access control checks have been added to validate access to parent entities in the API modify methods."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:40:32.867951Z","id":"CVE-2026-44957","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://hackerone.com/reports/3677576","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-44958","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:17:00.007","lastModified":"2026-06-23T18:17:51.923","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions. The status field has been removed from the hidden form fields in the banner edit screen."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:27:24.511389Z","id":"CVE-2026-44958","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://hackerone.com/reports/3678828","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-44959","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:17:00.120","lastModified":"2026-06-23T18:17:52.040","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery. Input sanitisation has been improved to ensure that unexpected parameters are filtered out."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:41:06.795049Z","id":"CVE-2026-44959","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://hackerone.com/reports/3744200","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-44960","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:17:00.230","lastModified":"2026-06-25T19:52:36.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to the audit log details output."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:45:49.615778Z","id":"CVE-2026-44960","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://hackerone.com/reports/3680090","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-44961","sourceIdentifier":"support@hackerone.com","published":"2026-06-23T17:17:00.340","lastModified":"2026-06-25T19:52:36.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:32:45.247422Z","id":"CVE-2026-44961","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://hackerone.com/reports/3680090","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-45732","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:00.700","lastModified":"2026-06-26T20:17:13.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. Workflows relying on the affected credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.43","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.20.7","status":"affected"},{"version":">= 2.21.0, < 2.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T19:31:10.442780Z","id":"CVE-2026-45732","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.43","matchCriteriaId":"9BE8A466-5048-4E10-AD9C-0C71EDF89B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.20.7","matchCriteriaId":"D93F4962-6B89-45B6-9697-DC611A6ABA5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.21.0","versionEndExcluding":"2.22.1","matchCriteriaId":"080C6B5D-94B3-466D-9B60-D8B862E32A54"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-6h4j-wcr9-2vg7","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48519","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:01.240","lastModified":"2026-06-26T17:07:36.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the \"Shareable Playground\" (or \"Public Flows\" in code) contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessing a link. Specifically, it enables the route /api/v1/build_public_tmp to execute any public flow, given a public flow ID. When the route executes the flow, it allows for providing arbitrary custom Python code as the nodes code, inside the JSON payload. The vulnerable field is data.nodes[X].data.node.template.code.value. This vulnerability is fixed in 1.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-48519","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.2","matchCriteriaId":"F5488C0C-98DB-4686-808B-99CB766D514C"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48520","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:01.367","lastModified":"2026-06-26T17:06:40.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the \"Shareable Playground\" (or \"Public Flows\" in code) contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of the flow is allowed. The execution request can contain a list of files that gets read by Langflow and fed into the LLM. The files path can be any path supported by the storage - it can be either a local file or S3 path if supported by the local configuration This vulnerability is fixed in 1.10.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.10.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:18:15.520520Z","id":"CVE-2026-48520","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.0","matchCriteriaId":"21C0B298-2258-4F78-9DB9-9DA89089EE4F"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-rcjh-r59h-gq37","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-rcjh-r59h-gq37","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49444","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:01.920","lastModified":"2026-06-26T02:23:24.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.48","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.21.8","status":"affected"},{"version":">= 2.22.0, < 2.22.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:33:47.386294Z","id":"CVE-2026-49444","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.48","matchCriteriaId":"C3E2CBDC-54C4-4D67-AA9C-B578B3891403"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.21.8","matchCriteriaId":"46F98550-8B7B-441F-859C-832DAAD96A30"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.22.0","versionEndExcluding":"2.22.4","matchCriteriaId":"C4846C4B-1F9F-4C12-9253-CFFC20D6A441"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-9pq8-m8gp-4p53","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49465","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:02.180","lastModified":"2026-06-26T02:23:34.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8N_RESTRICT_FILE_ACCESS_TO file sandbox. This allowed the contents of any local git repository accessible to the n8n process to be cloned into an allowed path and read, circumventing the access restrictions that correctly blocked direct file reads to the same paths. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.48","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.21.8","status":"affected"},{"version":">= 2.22.0, < 2.22.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:17:07.544428Z","id":"CVE-2026-49465","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.48","matchCriteriaId":"C3E2CBDC-54C4-4D67-AA9C-B578B3891403"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.21.8","matchCriteriaId":"46F98550-8B7B-441F-859C-832DAAD96A30"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.22.0","versionEndExcluding":"2.22.4","matchCriteriaId":"C4846C4B-1F9F-4C12-9253-CFFC20D6A441"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-5xp3-2w67-427v","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50019","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:02.853","lastModified":"2026-06-26T20:12:44.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file download stage, the cookies are passed by yt-dlp to the file downloader via --cookie. However, unless these are loaded from a file, this operation does not activate the cookie engine. As a result, curl will send cookies with requests to domains or paths for which the cookies are not scoped. This vulnerability is fixed in 2026.06.09."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"yt-dlp","product":"yt-dlp","versions":[{"version":">= 2023.09.24, < 2026.06.09","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:57:06.488536Z","id":"CVE-2026-50019","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.09.24","versionEndExcluding":"2026.06.09","matchCriteriaId":"77DA92F5-D652-42D4-B533-00A209A8B090"}]}]}],"references":[{"url":"https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-f7j3-774f-rfhj","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50023","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:03.000","lastModified":"2026-06-26T20:12:25.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitly included the unsafe extensions .desktop, .url, and .webloc so that the functionality of the --write-link option (and its variants) could be preserved. These allowlist inclusions can be exploited by an attacker to write malicious OS-shortcut files in the context of a media or subtitles download. This vulnerability is fixed in 2026.06.09."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"yt-dlp","product":"yt-dlp","versions":[{"version":"< 2026.06.09","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T03:55:47.131223Z","id":"CVE-2026-50023","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-641"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.06.09","matchCriteriaId":"A130AEBA-F516-4138-9BD8-8D2676A468F6"}]}]}],"references":[{"url":"https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2026.06.09.230517","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/yt-dlp/yt-dlp/commit/e578e265f7c6ca94a74b30e0d8d6196a4d19fb6a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yt-dlp/yt-dlp/releases/tag/2026.06.09","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-c6mh-fpjc-4pr3","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50574","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:03.340","lastModified":"2026-06-26T20:11:40.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code execution. On non-Windows platforms, this can lead to arbitrary code execution upon the next invocation of yt-dlp. This vulnerability is fixed in 2026.06.09."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"yt-dlp","product":"yt-dlp","versions":[{"version":"< 2026.06.09","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-50574","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.06.09","matchCriteriaId":"A130AEBA-F516-4138-9BD8-8D2676A468F6"}]}]}],"references":[{"url":"https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-vx4q-3cr2-7cg2","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54301","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:06.053","lastModified":"2026-06-26T02:25:03.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when visited by an authenticated user, with access to that user's session. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.55","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.25.7","status":"affected"},{"version":">= 2.26.0, < 2.26.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:00:06.000876Z","id":"CVE-2026-54301","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.55","matchCriteriaId":"89E9BFA6-AA6E-4394-B819-7FFB7DFE203C"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.25.7","matchCriteriaId":"0F398456-8B34-498A-B8A3-915C84C424F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-v733-mwr6-fgcm","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54302","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:06.193","lastModified":"2026-06-26T02:24:34.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.55","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.25.7","status":"affected"},{"version":">= 2.26.0, < 2.26.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:34:18.687480Z","id":"CVE-2026-54302","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.55","matchCriteriaId":"89E9BFA6-AA6E-4394-B819-7FFB7DFE203C"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.25.7","matchCriteriaId":"0F398456-8B34-498A-B8A3-915C84C424F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-42h7-m79w-wvg5","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54304","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:06.603","lastModified":"2026-06-26T02:24:52.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, causing the credential to be sent to the attacker-controlled host bypassing credential configured limitations and exfiltrating. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.55","status":"affected"},{"version":">= 2.26.0, < 2.26.1","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.25.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:18:22.816792Z","id":"CVE-2026-54304","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.55","matchCriteriaId":"89E9BFA6-AA6E-4394-B819-7FFB7DFE203C"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.25.7","matchCriteriaId":"0F398456-8B34-498A-B8A3-915C84C424F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.1","matchCriteriaId":"791B0E58-A216-46B9-953F-A818AEF9298F"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-rm2v-h48j-895m","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54305","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:06.743","lastModified":"2026-06-26T02:24:03.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could enumerate credential identifiers, names, and types referenced by any private workflow in the instance, initiate an OAuth authorization flow against another user's credential to overwrite its stored tokens with tokens bound to an account they control, or revoke another user's stored credential tokens entirely. Workflows relying on a hijacked credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of integrations. Token revocation would break affected workflows. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.55","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.25.7","status":"affected"},{"version":">= 2.26.0, < 2.26.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:44:34.716415Z","id":"CVE-2026-54305","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.55","matchCriteriaId":"89E9BFA6-AA6E-4394-B819-7FFB7DFE203C"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.25.7","matchCriteriaId":"0F398456-8B34-498A-B8A3-915C84C424F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-2j5h-858j-5mpf","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54306","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:06.877","lastModified":"2026-06-26T20:17:26.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a workflow combines a public webhook with action nodes that consume the resulting fields, an attacker could cause the workflow to act as a confused deputy — targeting unintended records or issuing outbound requests using the workflow owner's configured credentials. This vulnerability is fixed in 2.25.7 and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":">= 2.26.0, < 2.26.2","status":"affected"},{"version":"< 2.25.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T19:29:36.393993Z","id":"CVE-2026-54306","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.25.7","matchCriteriaId":"BF3AA8D6-D35E-4D7B-B4E5-819275C0C91B"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-2vff-hj5x-8gq7","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54307","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:07.010","lastModified":"2026-06-26T02:20:12.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing is enabled and at least one workflow has been shared with a member-level user as an Editor. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.55","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.25.7","status":"affected"},{"version":">= 2.26.0, < 2.26.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T16:59:17.015758Z","id":"CVE-2026-54307","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.55","matchCriteriaId":"89E9BFA6-AA6E-4394-B819-7FFB7DFE203C"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.25.7","matchCriteriaId":"0F398456-8B34-498A-B8A3-915C84C424F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-pmqw-72cg-wx85","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54308","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:07.140","lastModified":"2026-06-26T02:20:35.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. This vulnerability is fixed in 2.25.7 and 2.26.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":">= 2.26.0, < 2.26.2","status":"affected"},{"version":"< 2.25.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:58:56.409611Z","id":"CVE-2026-54308","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.25.7","matchCriteriaId":"BF3AA8D6-D35E-4D7B-B4E5-819275C0C91B"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jvc7-762p-3743","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55423","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:08.283","lastModified":"2026-06-24T13:50:27.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:06:31.440801Z","id":"CVE-2026-55423","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.0","matchCriteriaId":"9D34B381-00FD-4F7D-8B5F-96C3C152B852"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/pull/10527","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/langflow-ai/langflow/pull/10528","source":"security-advisories@github.com","tags":["Issue Tracking","Exploit"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-7hw8-6q6r-4276","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit","Patch"]}]}},{"cve":{"id":"CVE-2026-55446","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:08.410","lastModified":"2026-06-24T13:50:33.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an indefinite amount of time. This vulnerability is fixed in 1.0.19."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:56:04.889802Z","id":"CVE-2026-55446","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.19","matchCriteriaId":"2B4A5B94-EB5D-4F4A-A321-53C872F43BD4"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/pull/3923","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-qwqc-p3q8-wcg9","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-qwqc-p3q8-wcg9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55447","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:08.540","lastModified":"2026-06-24T17:17:29.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to the vulnerability. This includes Docling (DoclingInlineComponent), Docling Serve, DoclingRemoteComponent), Read File (FileComponent), NVIDIA Retriever Extraction (NvidiaIngestComponent), Video File (VideoFileComponent), and Unstructured API (UnstructuredComponent). This vulnerability is fixed in 1.9.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.9.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T03:56:21.684473Z","id":"CVE-2026-55447","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-61"},{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.2","matchCriteriaId":"F5488C0C-98DB-4686-808B-99CB766D514C"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/pull/12945","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55450","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:08.663","lastModified":"2026-06-24T13:50:45.240","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the server. In addition, in the response, the absolute path of the uploaded file is reported to the attacker, which is an information leak that can assist in chaining other primitives. This vulnerability is fixed in 1.9.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.9.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:00:33.147977Z","id":"CVE-2026-55450","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.1","matchCriteriaId":"E5C0C925-9B95-4B10-BACE-5BBE5A9D24C5"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/pull/12831","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-x223-p2gf-v735","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-x223-p2gf-v735","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-9695","sourceIdentifier":"psirt@adobe.com","published":"2026-06-23T18:17:31.403","lastModified":"2026-06-26T18:23:05.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Acrobat Reader","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2015.006.30523","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T03:56:29.321063Z","id":"CVE-2020-9695","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"20.009.20074","matchCriteriaId":"F69CF07D-D80A-4B00-94E9-C5A0D96C02B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.000.0000","versionEndIncluding":"15.006.30523","matchCriteriaId":"EB53FC96-AA45-4802-858E-692344B7B1E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.009.20044","versionEndIncluding":"17.011.30171","matchCriteriaId":"B680465C-C4FF-4CD4-8331-DBCD4BC2A6DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"A8E2402A-9025-4322-86D2-B65ABB33AFA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"79D47FD2-8C83-445E-B3E8-80A201920173"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"20.009.20074","matchCriteriaId":"84F9AA0A-731D-498D-9BAA-1C3FAFC34F0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.000.0000","versionEndIncluding":"15.006.30523","matchCriteriaId":"20999B95-E3B8-44C4-AFB0-A59B88166E3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.009.20044","versionEndIncluding":"17.011.30171","matchCriteriaId":"6CDB07E7-7976-4C59-BD77-5D3A6E79F58A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-9711","sourceIdentifier":"psirt@adobe.com","published":"2026-06-23T18:17:31.530","lastModified":"2026-06-26T18:19:55.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Acrobat Reader","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2015.006.30523","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T19:40:49.421594Z","id":"CVE-2020-9711","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"20.009.20074","matchCriteriaId":"F69CF07D-D80A-4B00-94E9-C5A0D96C02B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.000.0000","versionEndIncluding":"15.006.30523","matchCriteriaId":"EB53FC96-AA45-4802-858E-692344B7B1E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.009.20044","versionEndIncluding":"17.011.30171","matchCriteriaId":"B680465C-C4FF-4CD4-8331-DBCD4BC2A6DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"A8E2402A-9025-4322-86D2-B65ABB33AFA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"79D47FD2-8C83-445E-B3E8-80A201920173"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"20.009.20074","matchCriteriaId":"84F9AA0A-731D-498D-9BAA-1C3FAFC34F0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.000.0000","versionEndIncluding":"15.006.30523","matchCriteriaId":"20999B95-E3B8-44C4-AFB0-A59B88166E3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.009.20044","versionEndIncluding":"17.011.30171","matchCriteriaId":"6CDB07E7-7976-4C59-BD77-5D3A6E79F58A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-9713","sourceIdentifier":"psirt@adobe.com","published":"2026-06-23T18:17:31.633","lastModified":"2026-06-26T18:18:57.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"Acrobat Reader","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2015.006.30523","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:29:05.831391Z","id":"CVE-2020-9713","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"20.009.20074","matchCriteriaId":"F69CF07D-D80A-4B00-94E9-C5A0D96C02B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.000.0000","versionEndIncluding":"15.006.30523","matchCriteriaId":"EB53FC96-AA45-4802-858E-692344B7B1E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.009.20044","versionEndIncluding":"17.011.30171","matchCriteriaId":"B680465C-C4FF-4CD4-8331-DBCD4BC2A6DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"A8E2402A-9025-4322-86D2-B65ABB33AFA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"79D47FD2-8C83-445E-B3E8-80A201920173"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"20.009.20074","matchCriteriaId":"84F9AA0A-731D-498D-9BAA-1C3FAFC34F0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.000.0000","versionEndIncluding":"15.006.30523","matchCriteriaId":"20999B95-E3B8-44C4-AFB0-A59B88166E3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.009.20044","versionEndIncluding":"17.011.30171","matchCriteriaId":"6CDB07E7-7976-4C59-BD77-5D3A6E79F58A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-61024","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T18:17:40.307","lastModified":"2026-06-23T19:26:33.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:51:50.564675Z","id":"CVE-2025-61024","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openlink/virtuoso-opensource/issues/1227","source":"cve@mitre.org"},{"url":"https://github.com/openlink/virtuoso-opensource/issues/1227","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-61029","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T18:17:40.627","lastModified":"2026-06-23T19:26:33.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:51:03.512578Z","id":"CVE-2025-61029","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/openlink/virtuoso-opensource/issues/1228","source":"cve@mitre.org"},{"url":"https://github.com/openlink/virtuoso-opensource/issues/1228","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71382","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T18:17:41.087","lastModified":"2026-06-26T18:17:18.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ArtifexSoftware","product":"mupdf","defaultStatus":"affected","repo":"https://github.com/ArtifexSoftware/mupdf","versions":[{"version":"0","lessThan":"1.27.0-rc1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:36:25.366763Z","id":"CVE-2025-71382","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*","versionEndExcluding":"1.27.0","matchCriteriaId":"4E4FF857-3159-4D6E-B8EE-B2E2C486BFE3"}]}]}],"references":[{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=708840","source":"disclosure@vulncheck.com","tags":["Exploit","Issue Tracking","Mitigation"]},{"url":"https://github.com/ArtifexSoftware/mupdf/commit/70b71ab22e6de4d4c44cd301c88231f623a4e94e","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0-rc1","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://www.vulncheck.com/advisories/mupdf-rc1-stack-exhaustion-dos-via-epub-css-rendering","source":"disclosure@vulncheck.com","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-0864","sourceIdentifier":"cna@python.org","published":"2026-06-23T18:17:41.243","lastModified":"2026-06-25T19:51:26.187","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"When using the \"configparser\" module to write configuration files\ncontaining multi-line text values with carriage return characters (\\r) the\nresulting file could be injected with unexpected keys and values if the\nattacker controls the written value."}],"affected":[{"source":"cna@python.org","affectedData":[{"vendor":"Python Software Foundation","product":"CPython","defaultStatus":"unaffected","repo":"https://github.com/python/cpython","versions":[{"version":"0","lessThan":"3.15.0","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:34:23.504725Z","id":"CVE-2026-0864","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/python/cpython/commit/0adb386f6e68eb2e73d32e19f235d012df009528","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/5858e42c539dac8394636a6e9b30472b8994851f","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/71f2e02a52d47417a6fd69f456346cd8aa7aca98","source":"cna@python.org"},{"url":"https://github.com/python/cpython/commit/aaf850fd333cd89e9aada03d92aaa788a6cb1bb8","source":"cna@python.org"},{"url":"https://github.com/python/cpython/issues/143927","source":"cna@python.org"},{"url":"https://github.com/python/cpython/pull/151559","source":"cna@python.org"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/CV4NE6AFCRJL7XQOHX7J5TSDHUWVWGJS/","source":"cna@python.org"}]}},{"cve":{"id":"CVE-2026-44726","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:17:48.623","lastModified":"2026-06-26T18:11:01.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When `autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook that was bound to the original, failed handle. As a result, the replacement TCP connection was never upgraded to TLS, and any data the application wrote before the secureConnect event travelled over the network unencrypted. A network attacker positioned to cause the initial connection attempt to fail (for example, by dropping IPv6 traffic on a dual-stack host) could deterministically trigger the fallback path and observe or tamper with traffic that the application believed was TLS-protected. This vulnerability is fixed in 2.7.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"denoland","product":"deno","versions":[{"version":">= 2.0.0, < 2.7.8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T03:55:51.795074Z","id":"CVE-2026-44726","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.7.8","matchCriteriaId":"CA8392FC-2247-4255-A9DA-3DC08146AF63"}]}]}],"references":[{"url":"https://github.com/denoland/deno/security/advisories/GHSA-chqv-56wv-7564","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45135","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:17:52.343","lastModified":"2026-06-26T18:04:10.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treating a non-.php (or other configured split_path extension) file as a script. In any deployment where the attacker can place content into a file served via FastCGI (uploads, file storage, etc.), this can be escalated to remote code execution by crafting a URL whose path triggers either flaw. This vulnerability is fixed in 2.11.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"caddyserver","product":"caddy","versions":[{"version":">= 2.7.0, < 2.11.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:30:00.592778Z","id":"CVE-2026-45135","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-176"},{"lang":"en","value":"CWE-178"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.11.3","matchCriteriaId":"929EBC65-CE84-403E-BF54-03AA66C3B09E"}]}]}],"references":[{"url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-m675-2p33-xv9g","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-m675-2p33-xv9g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45692","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:17:59.080","lastModified":"2026-06-26T19:16:40.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config object during traversal. This happens because the authorization layer uses string prefix matching and the /config traversal layer parses array indices numerically using strconv.Atoi(). This vulnerability is fixed in 2.11.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"caddyserver","product":"caddy","versions":[{"version":">= 2.4.0, < 2.11.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T18:16:06.409080Z","id":"CVE-2026-45692","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-187"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.11.3","matchCriteriaId":"115ED3C7-B19F-49F8-AA4E-6CFC10BF4365"}]}]}],"references":[{"url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-x5w9-xh9r-mvfc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-x5w9-xh9r-mvfc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49401","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:03.033","lastModified":"2026-06-26T17:43:03.033","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different Unicode spellings of the same name as the same file. That means a program could reach a denied path by spelling it differently than the deny rule. This vulnerability is fixed in 2.7.14."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"denoland","product":"deno","versions":[{"version":"< 2.7.14","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:35:46.438186Z","id":"CVE-2026-49401","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-41"},{"lang":"en","value":"CWE-176"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.14","matchCriteriaId":"6D9303E8-C864-4B87-85A9-54A72C7DADEA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://github.com/denoland/deno/security/advisories/GHSA-8xpq-cjcf-3wh9","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49402","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:03.177","lastModified":"2026-06-26T17:33:10.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:child_process implementation provided an escapeShellArg() helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters and did not neutralize % (which cmd.exe expands even inside double-quoted strings). An attacker who controlled any portion of an argument passed to such a call could inject arbitrary additional commands into the spawned cmd.exe invocation. This vulnerability is fixed in 2.7.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"denoland","product":"deno","versions":[{"version":"< 2.7.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-49402","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.10","matchCriteriaId":"FB0EEB79-222A-40A4-9608-898843B23883"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://github.com/denoland/deno/security/advisories/GHSA-7xh3-mhg9-jcw8","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/denoland/deno/security/advisories/GHSA-7xh3-mhg9-jcw8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49406","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:03.310","lastModified":"2026-06-26T17:29:09.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: \"manual\"), the module resolver did not validate that a package's resolved entrypoint stayed within its node_modules/<pkg>/ directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk, and the resolver then read that file without consulting the --allow-read allowlist. This let a require(\"evil-pkg\") call return the contents of a file that a direct Deno.readTextFileSync(...) call would have been blocked from reading. This vulnerability is fixed in 2.7.12."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"denoland","product":"deno","versions":[{"version":"< 2.7.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:49:51.311695Z","id":"CVE-2026-49406","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.12","matchCriteriaId":"09242B23-E899-46B6-8E30-1BAFE453EA69"}]}]}],"references":[{"url":"https://github.com/denoland/deno/security/advisories/GHSA-968w-xfqw-vp9q","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/denoland/deno/security/advisories/GHSA-968w-xfqw-vp9q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49411","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:03.440","lastModified":"2026-06-26T20:17:17.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address (for example the decimal integer 2130706433 or the hex form 0x7f000001, both of which resolve to 127.0.0.1) and reach the denied destination through node:net.connect or node:http.request's { host, port } options form. This vulnerability is fixed in 2.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"denoland","product":"deno","versions":[{"version":"< 2.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T18:55:45.500229Z","id":"CVE-2026-49411","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.14","versionEndExcluding":"2.8.0","matchCriteriaId":"CCC58C9A-9D40-4DEA-B856-50BBDEB3A701"}]}]}],"references":[{"url":"https://github.com/denoland/deno/security/advisories/GHSA-v8fw-85r8-5m23","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://github.com/denoland/deno/security/advisories/GHSA-v8fw-85r8-5m23","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49440","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:03.563","lastModified":"2026-06-26T19:27:37.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied to the candidate was trial division by the primes up to 17,863. Any composite whose smallest prime factor exceeds that bound — for example the product of two primes just above it, such as 17,881 × 17,891 — was reported as true (\"probably prime\"). The same divergence affected the lower-level op_node_check_prime / op_node_check_prime_bytes paths that the polyfill calls into. This vulnerability is fixed in 2.8.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"denoland","product":"deno","versions":[{"version":"< 2.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T03:55:49.551538Z","id":"CVE-2026-49440","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-325"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deno:deno:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.1","matchCriteriaId":"91F453C2-277C-4350-8234-700B47587E97"}]}]}],"references":[{"url":"https://github.com/denoland/deno/pull/34391","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/denoland/deno/security/advisories/GHSA-9xg4-qhm4-g43w","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53662","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:05.530","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The continue query parameter is read from the URL and passed to SvelteKit's redirect() without any scheme or origin validation, allowing attacker-controlled JavaScript to execute inside Immich's origin. The payload then uses the victim's existing session to mint an all-permission API key on their account, leading to persistent account takeover. This vulnerability is fixed in commit 4eb1003."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"immich-app","product":"immich","versions":[{"version":">= main@4ffa26c9, < main@4eb1003","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:28:22.156497Z","id":"CVE-2026-53662","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/immich-app/immich/commit/4eb100327ea5da2e90381b96809f1f1cc51cc7e3","source":"security-advisories@github.com"},{"url":"https://github.com/immich-app/immich/security/advisories/GHSA-8244-8vpr-vp9c","source":"security-advisories@github.com"},{"url":"https://github.com/immich-app/immich/security/advisories/GHSA-8244-8vpr-vp9c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54006","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:05.663","lastModified":"2026-06-25T13:41:57.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{event_id}/update validates that the caller has write access to the calendar the event currently belongs to, but does not validate the destination calendar_id supplied in the request body. The model layer then persists the new calendar_id unconditionally. A regular user-role account can therefore create an event in their own calendar and immediately move it into any other user's calendar whose ID they know — bypassing the authorization check that create_event correctly performs.  This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:51:36.543955Z","id":"CVE-2026-54006","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-f3g7-59qc-pqg6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-f3g7-59qc-pqg6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54007","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:05.807","lastModified":"2026-06-26T20:17:25.847","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt() in an authenticated victim session. I validated this with a cross-origin attacker page that auto-posted messages and caused unauthorized POST /api/v1/chats/new and POST /api/chat/completions requests containing attacker-controlled prompts. This enables cross-site forced actions and model/tool execution under victim privileges without consent. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T19:27:54.187253Z","id":"CVE-2026-54007","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-3vv5-8xxp-4f55","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-3vv5-8xxp-4f55","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54008","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:05.927","lastModified":"2026-06-25T13:35:46.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/open_webui/utils/oauth.py::_process_picture_url calls validate_url(picture_url) on the initial URL only, then invokes aiohttp.ClientSession.get(picture_url, ...) without allow_redirects=False. aiohttp's default is allow_redirects=True, max_redirects=10; the function does not pass the project's AIOHTTP_CLIENT_ALLOW_REDIRECTS env constant either. An attacker with a valid OAuth IdP identity can therefore submit a public URL that 302-redirects to an internal address and read the internal response body via the attacker's own profile_image_url field. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:33:04.932259Z","id":"CVE-2026-54008","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-226f-f24g-524w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-226f-f24g-524w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54009","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.053","lastModified":"2026-06-25T13:35:03.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an image_url.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the global file table with no ownership check. an authenticated user can therefore set image_url.url to another user's file id, the server reads that file from disk, base64-encodes it, and injects the data URI into the LLM request. the user then prompts the LLM to describe / OCR the file and reads the content back. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:21:58.944722Z","id":"CVE-2026-54009","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-wch8-mhj5-9frg","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-wch8-mhj5-9frg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54010","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.180","lastModified":"2026-06-25T13:34:24.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own chat message without checking whether they own or can read those files. If the attacker then shares that chat and grants themselves read access, has_access_to_file() treats the victim file as accessible through the shared chat, and the file endpoints read or delete the victim file. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-54010","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-vrhc-3fr6-pc3c","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-vrhc-3fr6-pc3c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54011","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.310","lastModified":"2026-06-25T13:33:32.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel: 'loose', attacker-controlled Mermaid content can be rendered unsafely in this flow. A working payload was validated through the Markdown preview path, resulting in JavaScript execution in the victim’s browser under the application origin.  This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:55:29.817663Z","id":"CVE-2026-54011","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-v8qj-hxv7-mgvv","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-v8qj-hxv7-mgvv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54012","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.443","lastModified":"2026-06-25T13:26:51.623","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two places: the built-in view_file tool reads the file's extracted text, and has_access_to_file()'s model branch authorizes the file content and file delete endpoints. A malicious model owner can therefore attach another user's file ID to their model metadata and read or delete that private file. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-54012","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-vjqm-6gcc-62cr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-vjqm-6gcc-62cr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54013","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.580","lastModified":"2026-06-26T20:17:25.967","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no validate_profile_image_url field validator, and the model image serving endpoint has no MIME allowlist or nosniff header. Any authenticated user with workspace.models permission (enabled by default) can store a data:image/svg+xml;base64,... payload in a model's profile image and achieve full account takeover of anyone who navigates to the image URL. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T19:25:06.355423Z","id":"CVE-2026-54013","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"},{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-v2qm-5wxj-qhj7","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-v2qm-5wxj-qhj7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54014","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.707","lastModified":"2026-06-25T14:36:17.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache directory, by exploiting an incomplete startswith containment check that lacks a trailing path separator. The root cause is that serve_cache_file() in open_webui/main.py validates the resolved path with file_path.startswith(os.path.abspath(CACHE_DIR)) — without appending os.sep. This allows any path resolving to a sibling directory whose name begins with cache (e.g. cache_sibling, cache_backup, cached_models) to pass validation. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:29:17.753186Z","id":"CVE-2026-54014","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-j2c8-v969-8r5c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54015","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.830","lastModified":"2026-06-25T14:35:30.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the prompt_id in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that prompt (history_entry.prompt_id == prompt.id). This affects /api/v1/prompts/id/{prompt_id}/history/diff, /api/v1/prompts/id/{prompt_id}/update/version, and /api/v1/prompts/id/{prompt_id}/history/{history_id}. An authenticated user with access to any prompt they control, plus a victim prompt_history.id, can read or delete another user's private prompt history. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:19:52.815045Z","id":"CVE-2026-54015","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-4r4w-2wgp-w7cj","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-4r4w-2wgp-w7cj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54016","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:06.957","lastModified":"2026-06-25T14:31:06.137","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization (BOLA) vulnerability in the builtin search_knowledge_files tool. When native function calling is enabled and the selected model has no attached knowledge bases, an authenticated user can call search_knowledge_files with an arbitrary knowledge_id. The function then returns file metadata from that knowledge base without checking whether the user has read access. This allows unauthorized enumeration of private or restricted knowledge base files. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:39:35.272618Z","id":"CVE-2026-54016","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-cx9v-4qj2-jrw6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54018","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:07.097","lastModified":"2026-06-25T14:30:18.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects (301/302) by default, an attacker can bypass the validation by providing a safe URL that redirects to a restricted internal network address (e.g., localhost, Docker container network, or Cloud Metadata). This allows the application to access internal services despite ENABLE_RAG_LOCAL_WEB_FETCH being set to False This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:56:05.669760Z","id":"CVE-2026-54018","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-jrfp-m64g-pcwv","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-jrfp-m64g-pcwv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54019","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:07.230","lastModified":"2026-06-25T14:27:13.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as legacy/ephemeral collections. In Milvus multitenancy mode, that user-controlled collection name becomes a resource_id and is interpolated into a Milvus expression without escaping. This is caused by an incomplete fix for CVE-2026-44560 This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:53:36.566983Z","id":"CVE-2026-54019","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-p5cp-r7rg-qpxc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-p5cp-r7rg-qpxc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54021","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:07.370","lastModified":"2026-06-26T20:17:26.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied url_idx path parameter and use it as a raw index into the admin-configured OLLAMA_BASE_URLS list. Access control on these routes validates only whether the user may use the requested model, never which backend the request is routed to. Any authenticated user can append an arbitrary url_idx to force their request onto an Ollama backend they were never authorized to reach, including internal, higher-privilege, or explicitly admin-disabled backends. This vulnerability is fixed in 0.9.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.9.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T19:20:54.718364Z","id":"CVE-2026-54021","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.6","matchCriteriaId":"FAB89FE0-6F34-4624-ABED-8DEE4783A17D"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-9rpj-v7hf-vv2w","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54022","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:07.487","lastModified":"2026-06-25T14:12:50.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the document_id starts with note: (colon). However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores (document_id.replace(\":\", \"_\")). An attacker can join a document room using note_<id> (underscore) instead of note:<id> (colon), bypassing the authorization check entirely while accessing the same underlying Yjs document. The server then returns the full document state, leaking the victim's private note contents. This vulnerability is fixed in 0.8.11."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"open-webui","product":"open-webui","versions":[{"version":"< 0.8.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:28:33.410282Z","id":"CVE-2026-54022","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-706"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.11","matchCriteriaId":"5075875A-B6AB-4CC6-BA97-9C1D7E130C20"}]}]}],"references":[{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-8788-j68r-3cgh","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]},{"url":"https://github.com/open-webui/open-webui/security/advisories/GHSA-8788-j68r-3cgh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory","Exploit"]}]}},{"cve":{"id":"CVE-2026-54157","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:07.670","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make arbitrary outbound requests from LobeHub's infrastructure, leak Vercel deployment details, and inject cookies on the lobehub.com domain through reflected Set-Cookie headers. This vulnerability is fixed in 2.1.57."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"lobehub","product":"lobehub","versions":[{"version":"< 2.1.57","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:28:24.152487Z","id":"CVE-2026-54157","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/lobehub/lobehub/security/advisories/GHSA-xmwj-c75x-6346","source":"security-advisories@github.com"},{"url":"https://github.com/lobehub/lobehub/security/advisories/GHSA-xmwj-c75x-6346","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54257","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:07.803","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. This vulnerability is fixed in 42.3.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"electron","product":"electron","versions":[{"version":">= 42.3.1, < 42.3.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:47:37.791277Z","id":"CVE-2026-54257","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://github.com/electron/electron/security/advisories/GHSA-q6m5-f73j-m9mc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54317","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:08.767","lastModified":"2026-06-26T20:17:26.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView (homeassistant/components/konnected/__init__.py), that is marked as not requiring authentication (requires_auth = False). A comment next to that line says auth is instead handled \"via the access token from configuration.\" That promise is only half true. Write requests (POST and PUT) are handled by update_sensor(), which does check the request's Authorization: Bearer <token> header against the integration's stored access tokens (using hmac.compare_digest). Read requests (GET) are handled by a separate get() method that has no authentication check at all. This vulnerability is fixed in 2026.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"home-assistant","product":"core","versions":[{"version":"< 2026.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T18:59:47.464305Z","id":"CVE-2026-54317","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*","versionEndExcluding":"2026.6.0","matchCriteriaId":"7F588DE7-DE23-45A9-B8C5-4F8555BA2796"}]}]}],"references":[{"url":"https://github.com/home-assistant/core/security/advisories/GHSA-x84v-g949-293w","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/home-assistant/core/security/advisories/GHSA-x84v-g949-293w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54318","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:08.890","lastModified":"2026-06-26T19:28:42.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services LocationResult directly to it; the receiver trusts the extra and forwards it to the user's Home Assistant server as the device's real location. This bypasses Android's developer-mode \"Mock Location\" gate and allows a local malicious app to drive zone-based automations (unlock door / disarm alarm / open garage) by faking the user's GPS position. This vulnerability is fixed in 2026.5.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"home-assistant","product":"core","versions":[{"version":"< 2026.5.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:35:30.887367Z","id":"CVE-2026-54318","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-926"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:android:*:*","versionEndExcluding":"2026.5.3","matchCriteriaId":"6AA860BB-ADB1-4C7E-B0F6-A56ECBF770B2"}]}]}],"references":[{"url":"https://github.com/home-assistant/android/pull/6837","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/home-assistant/core/security/advisories/GHSA-77r5-pw5w-mgj3","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory","Mitigation"]},{"url":"https://github.com/home-assistant/core/security/advisories/GHSA-77r5-pw5w-mgj3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-54323","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:09.017","lastModified":"2026-06-24T16:16:32.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox.  This vulnerability is fixed in 0.185.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"daytonaio","product":"daytona","versions":[{"version":"< 0.185.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:26:59.323724Z","id":"CVE-2026-54323","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/daytonaio/daytona/security/advisories/GHSA-375h-72g4-hc9c","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54324","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T18:18:09.143","lastModified":"2026-06-25T13:16:47.080","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. This vulnerability is fixed in 0.185.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"daytonaio","product":"daytona","versions":[{"version":"< 0.185.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:42:40.744166Z","id":"CVE-2026-54324","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/daytonaio/daytona/security/advisories/GHSA-qwxf-2m7m-2m3x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-57062","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T18:18:10.973","lastModified":"2026-06-25T20:16:05.473","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"GnuPG","product":"GnuPG","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"2.5.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":2.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T17:35:24.722258Z","id":"CVE-2026-57062","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://blog.calif.io/p/how-to-format-a-ciphertext","source":"cve@mitre.org"},{"url":"https://www.gnupg.org/download/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-54319","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T19:17:07.810","lastModified":"2026-06-24T14:17:33.177","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference (volumeId, which may also be a volume name) was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volume base directory. This vulnerability is fixed in 0.186."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"daytonaio","product":"daytona","versions":[{"version":"< 0.186","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:36:26.958408Z","id":"CVE-2026-54319","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-250"},{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/daytonaio/daytona/security/advisories/GHSA-fjv8-j4p5-cr9m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54320","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T19:17:07.993","lastModified":"2026-06-24T16:16:32.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted (and declined) by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and matches an invitation's target email against the email in the caller's token, but the invitation accept and decline paths did not require that email to be verified, unlike organization creation, which already enforced verification. On identity providers that allow self-service signup and issue a session before the email is verified, an actor could register an address matching a pending invitation, leave it unverified, and accept the invitation, joining the target organization with the role the invitation carried (up to Owner). This vulnerability is fixed in 0.184.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"daytonaio","product":"daytona","versions":[{"version":"< 0.184.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:28:12.345394Z","id":"CVE-2026-54320","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/daytonaio/daytona/security/advisories/GHSA-m6hx-cffh-3f3h","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54321","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T19:17:08.190","lastModified":"2026-06-25T13:16:46.733","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. This vulnerability is fixed in 0.184.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"daytonaio","product":"daytona","versions":[{"version":">= 0.101.0, < 0.184.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:43:11.024229Z","id":"CVE-2026-54321","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/daytonaio/daytona/security/advisories/GHSA-ww63-pv5x-vfc8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54322","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T19:17:08.370","lastModified":"2026-06-23T20:16:49.123","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An authenticated user who owns any organization (organizations are self-service) could therefore modify the permissions of, or delete, a role belonging to a different organization, given that role's identifier. This vulnerability is fixed in 0.185.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"daytonaio","product":"daytona","versions":[{"version":"< 0.185.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":5.3}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:55:58.656155Z","id":"CVE-2026-54322","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/daytonaio/daytona/security/advisories/GHSA-qxvm-pcfm-qc39","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-39253","sourceIdentifier":"cve@mitre.org","published":"2026-06-23T20:16:47.243","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T20:41:58.483391Z","id":"CVE-2026-39253","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://support.pivotal.aurea.com/article/129552-remediating-insecure-deserialization-cwe-502-in-pivotal-6-6-04-08-smart-client-pbs","source":"cve@mitre.org"},{"url":"https://timtimxs.github.io/CVE-2026-39253-Advisory/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-54325","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T20:16:49.217","lastModified":"2026-06-25T16:14:45.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process. An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-local extension code could run with the same privileges as the local Pi process without the user having a convenient way to make a trust decision. This vulnerability is fixed in 0.79.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"earendil-works","product":"pi","versions":[{"version":"< 0.79.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T19:44:24.627687Z","id":"CVE-2026-54325","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/earendil-works/pi/commit/38f18be44727e669eb0a6e2eb8edb51b0232d83c","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/commit/718215bd95b6fc6fa251580d27ea8aab857de390","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/commit/89a92207f1c9303d53d822fd9b0ac21578834cb4","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/commit/ce3a72444e1cc1eaa50475fb3378c7ffbb53ef49","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/commit/ff3e9df5f5b32368c20b0ef553a6834b3dee9350","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/releases/tag/v0.79.0","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/security/advisories/GHSA-mqxh-6gq7-558m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54326","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T20:16:49.347","lastModified":"2026-06-25T16:14:45.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass the check because browsers normalize those characters before navigation. This vulnerability is fixed in 0.78.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"earendil-works","product":"pi","versions":[{"version":">= 0.74.0, < 0.78.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:09:02.637895Z","id":"CVE-2026-54326","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/earendil-works/pi/commit/6cb23f9b5d5b6d1747672f535b167d0d809ac010","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/releases/tag/v0.78.1","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/security/advisories/GHSA-7v5m-pr3q-6453","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54327","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T20:16:49.473","lastModified":"2026-06-26T19:16:43.220","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only permissions. This vulnerability is fixed in 0.78.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"earendil-works","product":"pi","versions":[{"version":">= 0.74.0, < 0.78.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":2.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T18:09:06.999786Z","id":"CVE-2026-54327","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://github.com/earendil-works/pi/commit/135fb545f99106a4a249274f129b90bc0a77d347","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/releases/tag/v0.78.1","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/security/advisories/GHSA-r95r-rj6r-c39x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54328","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T20:16:49.603","lastModified":"2026-06-25T16:14:45.143","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directory could prepare the expected package location before another user runs pi with a temporary extension package source. Pi could then load attacker-controlled extension code in the victim user's process.  This vulnerability is fixed in 0.78.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"earendil-works","product":"pi","versions":[{"version":">= 0.74.0, < 0.78.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:37:52.524343Z","id":"CVE-2026-54328","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-379"}]}],"references":[{"url":"https://github.com/earendil-works/pi/commit/a98e087e5d08ea2a536bf73dbb0aebb87c3ef72e","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/commit/ea3465a8e371a12d0167a06b60f93878e3a3df44","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/pull/5345","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/releases/tag/v0.78.1","source":"security-advisories@github.com"},{"url":"https://github.com/earendil-works/pi/security/advisories/GHSA-jfgx-wxx8-mp94","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54555","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T20:16:49.737","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an allowed prefix such as git could hide a second command behind one of these constructs. rtk rewrite returned exit code 0, causing the Claude hook to emit permissionDecision: \"allow\". The rewritten command still contained the hidden command, so it ran without the user confirmation or denial that the permission rules were intended to enforce. This vulnerability is fixed in 0.42.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"rtk-ai","product":"rtk","versions":[{"version":"< 0.42.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:29:21.375030Z","id":"CVE-2026-54555","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/rtk-ai/rtk/security/advisories/GHSA-7gxq-fvfc-g327","source":"security-advisories@github.com"},{"url":"https://github.com/rtk-ai/rtk/security/advisories/GHSA-7gxq-fvfc-g327","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54761","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T20:16:49.867","lastModified":"2026-06-26T16:37:51.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own namespace. As a result, an HTTPRoute created in a namespace that is not allow-listed can reference a cross-provider TraefikService such as api@internal, dashboard@internal or rest@internal by pointing backendRef.namespace at an allow-listed namespace covered by a Gateway API ReferenceGrant, exposing internal Traefik services on the data plane. Exploitation requires the ability to create an accepted HTTPRoute and a matching ReferenceGrant from an allow-listed namespace; it does not require any change to Traefik static configuration, RBAC, or the deployment itself. This vulnerability is fixed in 3.6.21 and 3.7.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"traefik","product":"traefik","versions":[{"version":"< 3.6.21","status":"affected"},{"version":">= 3.7.0-ea.1, < 3.7.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:45:14.367141Z","id":"CVE-2026-54761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.21","matchCriteriaId":"D985E0AC-5D9F-4095-9B8C-A3A517A3CF96"},{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.5","matchCriteriaId":"0709610D-C4FB-446A-A537-DB078083DA98"}]}]}],"references":[{"url":"https://github.com/traefik/traefik/releases/tag/v3.6.21","source":"security-advisories@github.com","tags":["Release Notes","Patch"]},{"url":"https://github.com/traefik/traefik/releases/tag/v3.7.5","source":"security-advisories@github.com","tags":["Release Notes","Patch"]},{"url":"https://github.com/traefik/traefik/security/advisories/GHSA-3g6v-2r68-prfc","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54762","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T20:16:49.997","lastModified":"2026-06-26T16:37:18.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the referenced auth Secret cannot be resolved or parsed, Traefik logs the resolution error, skips installing the authentication middleware, and still emits a router to the backend service. A route that operators intended to protect is therefore published to the data plane without its authentication control, allowing unauthenticated access to the backend. The trigger is an invalid or unresolved auth dependency — a missing, malformed, unreadable, or policy-denied Secret — rather than an intentionally unprotected route. This vulnerability is fixed in 3.7.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"traefik","product":"traefik","versions":[{"version":">= 3.7.0-ea.1, < 3.7.5","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:40:27.663071Z","id":"CVE-2026-54762","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-636"},{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.5","matchCriteriaId":"0709610D-C4FB-446A-A537-DB078083DA98"}]}]}],"references":[{"url":"https://github.com/traefik/traefik/releases/tag/v3.7.5","source":"security-advisories@github.com","tags":["Release Notes","Patch"]},{"url":"https://github.com/traefik/traefik/security/advisories/GHSA-4mr2-fg2p-w63c","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-64105","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:53.927","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating rel_id when rel_type=order, an authenticated client can create a support ticket that references another client's order they do not own. The ticketCreateForClient() method accepted rel_id without verifying order ownership for non-upgrade tasks, allowing clients to link a new ticket to another client's order by crafting the request. No cron task automatically processes cancel/upgrade requests from ticket relations; staff action is required. This affects integrity and confidentiality: staff could be misled into acting on the wrong order (e.g., cancellation or upgrade requests). While there is no client-to-client order data exposure, order IDs may appear in ticket context. This issue has been fixed in version 0.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.6.21, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:10:09.607340Z","id":"CVE-2025-64105","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-rcr8-p92p-9887","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-11807","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T21:16:54.350","lastModified":"2026-06-27T05:16:41.450","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el9"],"versions":[{"version":"0:1.1.19-1.el8ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el9"],"versions":[{"version":"0:1.1.19-1.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"0:1.2.9-2.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-25/eda-controller-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"],"versions":[{"version":"1781741251","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1781732675","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:22:21.415124Z","id":"CVE-2026-11807","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:28376","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28377","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28492","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28497","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-11807","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487036","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28376","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28377","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28492","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28497","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-11807","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487036","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11807.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-23513","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:55.203","lastModified":"2026-06-26T15:16:37.307","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details\nIn ServiceTransaction::getSearchQuery() and Order\\Service::getSearchQuery(), OR-based search/action filters were appended without grouping, allowing SQL operator precedence to evaluate OR clauses independently of the enforced client_id constraint. Crafted requests could therefore return records and metadata belonging to other clients, including identifiers, amounts, status, timestamps, and related fields. This issue was fixed in version 0.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:58:31.434325Z","id":"CVE-2026-23513","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-xcrv-cccw-r65v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-41862","sourceIdentifier":"security@vmware.com","published":"2026-06-23T21:16:57.820","lastModified":"2026-06-25T19:10:00.050","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code execution inside the application JVM.\n\nAffected versions:\nSpring Statemachine 4.0.0 through 4.0.1\nSpring Statemachine 3.2.0 through 3.2.4"}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Statemachine","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.1.1","versionType":"custom","status":"affected"},{"version":"3.2.0","lessThan":"3.2.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:24:25.858234Z","id":"CVE-2026-41862","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://spring.io/security/cve-2026-41862","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2026-46547","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:57.940","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and <a> tag bindings without validation, allowing javascript: URI injection. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:50:08.621294Z","id":"CVE-2026-46547","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-9qgr-6vpg-9gh9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46548","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.077","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permission could direct outbound POST requests to arbitrary internal hosts. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:23:21.087035Z","id":"CVE-2026-46548","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-2c5x-4jgf-88mj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46549","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.197","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope (e.g. MCP-only) therefore inherited the full permissions of the underlying user across all routes; the granted_resources.base_id restriction was bypassed on org-level endpoints that don't populate req.context.base_id. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:17:01.257502Z","id":"CVE-2026-46549","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-m5qg-rvjq-727p","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46550","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.323","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:14:44.843576Z","id":"CVE-2026-46550","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-614"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-f74w-272x-mqcv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46551","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.457","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or against the response stream. An authenticated user (Editor+) could direct the server to download arbitrarily large files, exhausting disk space and causing denial of service. In packages/nocodb/src/services/attachments.service.ts, the HEAD probe read content-length but never compared it to NC_ATTACHMENT_FIELD_SIZE; the subsequent storageAdapter.fileCreateByUrl() performed the download without maxContentLength. This vulnerability is fixed in 2026.04.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:57:12.982822Z","id":"CVE-2026-46551","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-99vc-2jx2-688p","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46552","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.583","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID (xc-shared-base-id), an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the invite via the normal signup flow and retain authenticated access even after the owner revoked the shared link. Shared-base sessions were mapped to ProjectRoles.VIEWER in packages/nocodb/src/strategies/base-view.strategy/base-view.strategy.ts, and packages/nocodb/src/utils/acl.ts granted baseUserList and userInvite to that role. The shared frontend (packages/nc-gui/composables/useApi/interceptors.ts) deliberately removed auth headers in favour of the shared-base header, but the ACL middleware did not distinguish shared sessions from genuine viewers. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:43:07.536646Z","id":"CVE-2026-46552","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-chqv-vrj7-qffp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46553","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.710","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:48:18.575528Z","id":"CVE-2026-46553","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-8rwr-f68v-cvw6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46554","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.830","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache. The auth middleware therefore continued to accept the deleted token until the cache entry aged out, leaving a deletion-to-revocation window of up to three days. This vulnerability is fixed in 2026.04.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:35:57.298120Z","id":"CVE-2026-46554","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-f76x-f9vj-92jv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47279","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:58.953","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on the view's table — including columns the view owner had hidden. publicMmList, publicHmList, and relDataList already ensured that the requested column belonged to the view's model, but did not check the view-column entry's show flag. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:14:52.748486Z","id":"CVE-2026-47279","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-9wgh-m22w-9xj8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47375","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:59.087","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT(...). The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during column creation and on every subsequent record read of the formula column. The vulnerability is specific to the Postgres mapping for ARRAYSORT in packages/nocodb/src/db/functionMappings/pg.ts. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:33:03.566987Z","id":"CVE-2026-47375","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-cxv7-gmmp-228p","source":"security-advisories@github.com"},{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-cxv7-gmmp-228p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47376","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:59.280","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS <%= %> HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string context and execute attacker-controlled script in the NocoDB origin. Triggering required only that a victim follow a malicious password-reset link. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:58:03.962306Z","id":"CVE-2026-47376","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-6xcx-7qmg-vjfq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47377","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:59.413","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace() on a path extracted from the URL hash fragment after only checking hashPath.startsWith('/'). Protocol-relative URLs (//attacker.com/…) also satisfy that check, so a crafted link silently redirected visitors to an attacker-controlled origin. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:42:06.967015Z","id":"CVE-2026-47377","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-rvp5-9p55-f5rp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47378","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:59.557","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data list accepted arbitrary link-column IDs from other tables in the same base. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:47:52.422229Z","id":"CVE-2026-47378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-4w6r-5c2j-qf5f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47379","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:59.677","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:55:46.215841Z","id":"CVE-2026-47379","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-203"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-qhxg-623c-cfjm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47380","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:59.803","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.04.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:29:58.244930Z","id":"CVE-2026-47380","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"},{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-jr54-jwhj-55gp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47381","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:16:59.930","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:38:27.158469Z","id":"CVE-2026-47381","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-96fh-m4r8-6v9v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47382","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:00.077","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses (including IPv4-mapped IPv6 forms and localhost) reached the driver. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:15:27.003532Z","id":"CVE-2026-47382","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-w43h-r5m5-p832","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47383","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:00.200","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered the stored body and fed its data-tooltip attribute to Tippy with allowHTML: true. Even when the editor stripped script tags at write time, attribute-level payloads re-entered the DOM as live HTML on hover. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:47:17.503409Z","id":"CVE-2026-47383","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-jf3g-4gwg-4h66","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47384","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:00.357","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific knex.raw() aggregations that interpolate the request's column_name directly into the SQL string. Column lookup in data-table.service.ts matches on both the sanitized column_name field and the free-text title, so a title containing a SQL fragment bypasses the public endpoint's existing column allowlist and reaches the query builder unescaped. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:36:58.012745Z","id":"CVE-2026-47384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-p8wx-5f39-w3x4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47385","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:00.487","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration create services accepted a caller-supplied filename and passed it to fs.exists and fs.open('w') without restricting the location. A user could point a source at noco.db, at a tenant database under nc_minimal_dbs/, or at any writable path the NocoDB process can reach, and then read or overwrite its contents through the regular table APIs.This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:14:02.612678Z","id":"CVE-2026-47385","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-wvqj-9wv4-7ff5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47386","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:00.617","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid (access_token, refresh_token) pair, breaking the single-use guarantee that PKCE relies on. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:17:37.476628Z","id":"CVE-2026-47386","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-8m7c-hf24-5g47","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47387","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:00.743","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/nc-gui/composables/useSharedFormViewStore.ts) in NocoDB writes the form's redirect_url to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role (or above) on any base can plant a javascript: URL in the form's redirect_url; when an authenticated viewer opens the share-link and submits the form, the payload executes in the NocoDB origin and can read the session token from localStorage[\"nocodb-gui-v2\"]. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:50:33.199771Z","id":"CVE-2026-47387","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-hj85-ph9q-78jg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47388","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:00.873","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not verify the file's ownership. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:36:51.373818Z","id":"CVE-2026-47388","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-xxpj-q764-9r6q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53926","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:01.363","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users service is an empty stub being called from passwordChange, passwordForgot, and passwordReset. OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:46:44.611615Z","id":"CVE-2026-53926","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-g72g-r7m4-9x4g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53927","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:01.497","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint (axiosRequestMake) accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16, allowing the cloud-metadata endpoint to be reached with a crafted URL This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:38:02.839991Z","id":"CVE-2026-53927","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-gprh-27j3-g5h4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53928","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:01.623","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForgot only rotated token_version and revoked OAuth tokens — it did not call UserRefreshToken.deleteAllUserToken(user.id). An attacker holding a captured refresh cookie could still exchange it for a new access token after the victim triggered the recovery flow. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:13:08.651255Z","id":"CVE-2026-53928","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-r989-7g3j-wjhw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53929","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:01.743","lastModified":"2026-06-25T20:17:15.400","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stored response-header overrides under PascalCase keys (ResponseContentDisposition, ResponseContentType) while the controller that served the file read them under lowercase-hyphen names (response-content-disposition). The mismatch dropped the Content-Disposition: attachment header, leaving Express to auto-render .html, .svg, and similar inline. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:19:10.858407Z","id":"CVE-2026-53929","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-6mhr-74x2-98v9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53930","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:01.870","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:38:27.867408Z","id":"CVE-2026-53930","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-h6vv-pcq8-7xm4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53931","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T21:17:01.987","lastModified":"2026-06-25T14:21:00.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so URLs whose query string ended in .csv satisfies the gate even though the\nunderlying request is for another file. This vulnerability is fixed in 2026.05.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 2026.05.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:33:17.891746Z","id":"CVE-2026-53931","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-441"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-hmcr-rmjq-47qr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56120","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T21:17:03.210","lastModified":"2026-06-23T22:16:32.207","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-47693","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T23:16:49.437","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters (=, +, -, @). When an administrator exports activity logs and opens the resulting CSV in a spreadsheet application (Microsoft Excel, LibreOffice Calc, Google Sheets), any formula stored in a username is executed by the application. This can be used for phishing attacks against administrators or data exfiltration. Versions 4.2.4 and 4.3.3 patch the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"poweradmin","product":"poweradmin","versions":[{"version":"< 4.2.4","status":"affected"},{"version":">= 4.3.0, < 4.3.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:45:52.225041Z","id":"CVE-2026-47693","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"references":[{"url":"https://github.com/poweradmin/poweradmin/releases/tag/v4.2.4","source":"security-advisories@github.com"},{"url":"https://github.com/poweradmin/poweradmin/releases/tag/v4.3.3","source":"security-advisories@github.com"},{"url":"https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3h6h-67x3-cv5x","source":"security-advisories@github.com"},{"url":"https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3h6h-67x3-cv5x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48493","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T23:16:49.720","lastModified":"2026-06-26T19:16:42.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example `assets.view`, `assets.create`, `reports.view`, import, etc. The issue is patched in version 8.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"grokability","product":"snipe-it","versions":[{"version":"< 8.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:00:57.003096Z","id":"CVE-2026-48493","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.0","matchCriteriaId":"698F7E88-EE9A-464A-AB75-BFD87E4AF0D2"}]}]}],"references":[{"url":"https://github.com/grokability/snipe-it/pull/19024","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/grokability/snipe-it/security/advisories/GHSA-52fw-7fw2-fmv5","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54588","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T23:16:49.863","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"poweradmin","product":"poweradmin","versions":[{"version":"< 4.2.4","status":"affected"},{"version":">= 4.3.0, < 4.3.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:20:38.664321Z","id":"CVE-2026-54588","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/poweradmin/poweradmin/releases/tag/v4.2.4","source":"security-advisories@github.com"},{"url":"https://github.com/poweradmin/poweradmin/releases/tag/v4.3.3","source":"security-advisories@github.com"},{"url":"https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3735-5339-xfwx","source":"security-advisories@github.com"},{"url":"https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3735-5339-xfwx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56785","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T23:16:50.020","lastModified":"2026-06-25T19:25:34.880","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in browsers of viewers including administrators, or bypass URL scheme validation to inject javascript: or data: URIs."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"FlatPress","product":"FlatPress","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10be83c","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:05:10.684705Z","id":"CVE-2026-56785","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/dilipk5/flatpressd-cms-sxss","source":"disclosure@vulncheck.com"},{"url":"https://github.com/flatpressblog/flatpress/commit/10be83cbaac5ce0e51250b9d57de7f257b8f34f8","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/flatpress-stored-cross-site-scripting-via-unescaped-comment-and-contact-form-fields","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-5818","sourceIdentifier":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","published":"2026-06-24T00:16:33.830","lastModified":"2026-06-25T16:14:14.483","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless update.\n\nThis issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0."}],"affected":[{"source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","affectedData":[{"vendor":"Caliptra","product":"Core Runtime Firmware","defaultStatus":"unaffected","collectionURL":"https://github.com/chipsalliance/caliptra-sw","packageName":"Core Runtime Firmware","modules":["ActivateFirmwareCmd::activate_fw"],"versions":[{"version":"2.0.0","lessThanOrEqual":"2.0.1","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.0.2","versionType":"semver","status":"unaffected"},{"version":"2.1.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:04:30.529915Z","id":"CVE-2026-5818","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","type":"Secondary","description":[{"lang":"en","value":"CWE-253"}]}],"references":[{"url":"https://github.com/chipsalliance/caliptra-sw/security/advisories/GHSA-456r-gcjr-6rxq","source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554"}]}},{"cve":{"id":"CVE-2026-6458","sourceIdentifier":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","published":"2026-06-24T00:16:34.037","lastModified":"2026-06-25T16:14:14.483","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude the first batch of processed ciphertext. Ciphertext produced by that call may be modified without the tag reflecting the change.\n\nThis issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0."}],"affected":[{"source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","affectedData":[{"vendor":"Caliptra","product":"Core Runtime Firmware","defaultStatus":"unaffected","collectionURL":"https://github.com/chipsalliance/caliptra-sw","packageName":"Core Runtime Firmware","modules":["aes_256_gcm_update"],"versions":[{"version":"2.0.0","lessThanOrEqual":"2.0.1","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.0.2","versionType":"semver","status":"unaffected"},{"version":"2.1.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:14:19.562293Z","id":"CVE-2026-6458","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554","type":"Secondary","description":[{"lang":"en","value":"CWE-325"}]}],"references":[{"url":"https://github.com/chipsalliance/caliptra-sw/security/advisories/GHSA-834g-h5x6-2hqr","source":"b01ddd03-5ef6-483b-b2c5-acba77f1a554"}]}},{"cve":{"id":"CVE-2026-7574","sourceIdentifier":"cve@takeonme.org","published":"2026-06-24T00:16:34.173","lastModified":"2026-06-25T19:14:05.160","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local attacker with unprivileged code execution as the victim macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boots, enabling persistent arbitrary code execution in the VM and access to host-mounted directories. The estimated CWE mapping is CWE-353 (Missing Support for Integrity Check)."}],"affected":[{"source":"cve@takeonme.org","affectedData":[{"vendor":"Anthropic","product":"Claude Desktop Cowork","defaultStatus":"unaffected","versions":[{"version":"1.1348.0","lessThanOrEqual":"1.2278.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@takeonme.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"cve@takeonme.org","ssvcData":{"options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CNA","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:03:53.789182Z","id":"CVE-2026-7574","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@takeonme.org","type":"Secondary","description":[{"lang":"en","value":"CWE-353"}]}],"references":[{"url":"https://cfp.recon.cx/recon-2026/talk/DZUQYU/","source":"cve@takeonme.org"},{"url":"https://takeonme.org/gcves/GCVE-1337-2026-00000000000000000000000000000000000000000000000001110111111101011111111110000000000000000000000000000000000000000000000000000001010","source":"cve@takeonme.org"}]}},{"cve":{"id":"CVE-2026-54639","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T01:16:25.363","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indirect usage via SD's transform lifecycle. Impact is high for this when style-dictionary is used as an integration in a NodeJS server application. Impact is moderate for when style-dictionary is used as an integration in a Web application. Impact is low for most common cases where the user of style-dictionary also maintains the tokens, and access is limited via read/write access to the repository/workflows where it is used. A patch has been published in version `5.4.4`. The only known workaround is to sanitize token data first. Whether using DTCG format or old Style Dictionary format, check the token data object recursively for any object keys that include `__proto__`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"style-dictionary","product":"style-dictionary","versions":[{"version":">= 4.3.0, < 5.4.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:00:58.855282Z","id":"CVE-2026-54639","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/style-dictionary/style-dictionary/commit/209085d9782cfc0783c4d983f3f1bb2c515954ec","source":"security-advisories@github.com"},{"url":"https://github.com/style-dictionary/style-dictionary/commit/23b5e8dda143441f0d6b8e2b4222e2da98058bc5","source":"security-advisories@github.com"},{"url":"https://github.com/style-dictionary/style-dictionary/pull/1702","source":"security-advisories@github.com"},{"url":"https://github.com/style-dictionary/style-dictionary/security/advisories/GHSA-vj5c-m527-mpff","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-12681","sourceIdentifier":"cve-coordination@google.com","published":"2026-06-24T02:16:28.060","lastModified":"2026-06-25T19:51:26.187","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended to the trusted SHA256 hash list. A crafted TPM event log could inject arbitrary SHA256 hashes into the verifier's trusted measurement database, enabling a remote attestation verifier to accept a compromised boot state. This issue affects go-attestation: through 0.6.0."}],"affected":[{"source":"cve-coordination@google.com","affectedData":[{"vendor":"Google","product":"go-attestation","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.6.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:57:27.832740Z","id":"CVE-2026-12681","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1285"}]}],"references":[{"url":"https://github.com/google/go-attestation/commit/b6e905e7ae52937f02b5ca494dd1c6a3ac7a1003","source":"cve-coordination@google.com"},{"url":"https://github.com/google/go-attestation/releases/tag/v0.6.1","source":"cve-coordination@google.com"},{"url":"https://github.com/google/go-attestation/security/advisories/GHSA-9r4w-jg96-92mv","source":"cve-coordination@google.com"}]}},{"cve":{"id":"CVE-2026-11614","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T04:17:05.340","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"xpro","product":"Xpro Addons — 140+ Widgets for Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.7.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:46:56.872148Z","id":"CVE-2026-11614","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/tags/1.7.3/inc/helper-functions.php#L1069","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/tags/1.7.3/widgets/image-scroller/layout/frontend.php#L8","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/inc/helper-functions.php#L778","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/animated-link/layout/frontend.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/author-box/layout/frontend.php#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/button/layout/frontend.php#L36","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/hero-slider/layout/frontend.php#L65","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/hot-spot/layout/frontend.php#L35","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/icon-box/layout/frontend.php#L12","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/icon-box/layout/frontend.php#L28","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/image-scroller/layout/frontend.php#L14","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/image-scroller/layout/frontend.php#L28","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/info-list/layout/frontend.php#L15","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/pricing/layout/frontend.php#L16","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/promo-box/layout/frontend.php#L51","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/site-logo/layout/frontend.php#L35","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/site-title/layout/frontend.php#L28","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/team/layout/frontend.php#L46","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0f78479f-8e28-4fa4-bf2b-eefedffa4d72?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3652","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T04:17:06.923","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrator views the \"Partial Filled Form Entries\" page in the ARForms dashboard."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"n/a","product":"ARforms","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:58:55.569094Z","id":"CVE-2026-3652","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://codecanyon.net/item/arforms-wordpress-form-builder-plugin/6023165","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6ca5856-9010-4bb3-a024-92b3b4d500b4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12485","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:25.973","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.\n\nDVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. \n\n\n\nUpon receiving a UDP message,  the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:\n\n\n#### IP field stack overflow\n\nThe following code is vulnerable to a stack overflow that is attacker-controlled:\n\n\n\n      v3 = strlen(g_network_config->ip_addr);\n\n      memcpy(&reply_buf[36], g_network_config->ip_addr, v3);"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"v2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:55:48.854235Z","id":"CVE-2026-12485","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-12486","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:26.220","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.\n\n\n`libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various services, configure IP, Netmask, gateway, dns, etc.)\n\n\n#### CNetSetObj::m_F_n_Set_IP_Addr command injection\n\nThe following function takes a string as an ip address, performs no sanitization and calls `system`. This is a classic command injection vulnerability. The function is reachable from both the network-exposed `DVRSearch` service and the `Network.cgi` endpoint. \n\n\n\n    int __fastcall CNetSetObj::m_F_n_Set_IP_Addr(const char **this, char *ip_addr)\n\n    {\n\n      bool v2; // zf\n\n      char v4[72]; // [sp+0h] [bp-48h] BYREF\n\n\n\n      v2 = *this == 0;\n\n      if ( *this )\n\n        v2 = ip_addr == 0;\n\n      if ( v2 )\n\n        return 0;\n\n      sprintf(v4, \"/sbin/ifconfig %s %s\", *this, ip_addr);  // attacker controlled ip address \n\n      system(v4);\n\n      return 1;\n\n    }"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"V2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:54:03.543792Z","id":"CVE-2026-12486","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2379","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-12488","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:26.350","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. \n\n\nA specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability."}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GeoVision","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"V20.0.2","status":"affected"},{"version":"V20.1.0.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:55:06.184694Z","id":"CVE-2026-12488","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2411","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-12846","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:26.463","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.\n\nDVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. \n\n\n\nUpon receiving a UDP message,  the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:\n\n\n#### Net Mask field stack overflow\n\nThe following code is vulnerable to a stack overflow that is attacker-controlled:\n\n\n\n      v6 = strlen(g_network_config->net_mask);\n\n      memcpy(&reply_buf[184], g_network_config->net_mask, v6);"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"v2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:55:27.854943Z","id":"CVE-2026-12846","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-12847","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:26.587","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.\n\nDVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. \n\n\n\nUpon receiving a UDP message,  the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:\n\n\n#### Gateway field stack overflow\n\nThe following code is vulnerable to a stack overflow that is attacker-controlled:\n\n\n\n      v7 = strlen(g_network_config->gateway);\n\n      memcpy(&reply_buf[216], g_network_config->gateway, v7);"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"v2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:16:28.900447Z","id":"CVE-2026-12847","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-12848","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:26.710","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.\n\nDVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. \n\n\n\nUpon receiving a UDP message,  the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:\n\n\n\n#### DNS field stack overflow\n\nThe following code is vulnerable to a stack overflow that is attacker-controlled:\n\n\n\n    v8 = strlen(g_network_config->dns_addr);\n\n    memcpy(&reply_buf[248], g_network_config->dns_addr, v8);"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"v2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:46:58.574812Z","id":"CVE-2026-12848","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-12849","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:26.890","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.\n\n\n`libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various services, configure IP, Netmask, gateway, dns, etc.)\n\n\n\n#### CNetSetObj::m_F_n_Set_Net_Mask command injection\n\nThe following function takes a string as a net mask address, performs no sanitization on it and calls `system`. This is a classic command injection vulnerability. The function is reachable from both the network-exposed `DVRSearch` service and the `Network.cgi` endpoint. \n\n\n\n    int __fastcall CNetSetObj::m_F_n_Set_Net_Mask(const char **this, char *netmask_addr)\n\n    {\n\n      bool v2; // zf\n\n      char v4[72]; // [sp+0h] [bp-48h] BYREF\n\n\n\n      v2 = *this == 0;\n\n      if ( *this )\n\n        v2 = netmask_addr == 0;\n\n      if ( v2 )\n\n        return 0;\n\n      sprintf(v4, \"/sbin/ifconfig %s netmask %s\", *this, netmask_addr);  // attacker controlled netmask_addr\n\n      system(v4);\n\n      return 1;\n\n    }"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"V2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:53:33.251382Z","id":"CVE-2026-12849","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2379","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-12850","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:27.020","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.\n\n\n`libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various services, configure IP, Netmask, gateway, dns, etc.)\n\n\n#### CNetSetObj::m_F_n_Set_Gate_way command injection\n\nThe following function takes a string as a gatewy address, performs no sanitization on it and calls `system`. This is a classic command injection vulnerability. The function is reachable from both the network-exposed `DVRSearch` service and the `Network.cgi` endpoint. \n\n\n\n\n\n    int __fastcall CNetSetObj::m_F_n_Set_Gate_way(const char **this, char *gw, char *dev)\n\n    {\n\n      char s[324]; // [sp+4h] [bp-144h] BYREF\n\n\n\n      if ( !dev && !*this || !gw )\n\n        return 0;\n\n      system(\"/sbin/route del -net 224.0.0.0 netmask 224.0.0.0\");\n\n      system(\"/sbin/route del default \");\n\n      if ( dev )\n\n        sprintf(s, \"/sbin/route add default gw %s dev %s\", gw, dev); //attacker controlled gw string\n\n      else\n\n        sprintf(s, \"/sbin/route add default gw %s dev %s\", gw, *this); //attacker controlled gw string\n\n      system(s);\n\n      sprintf(s, \"/sbin/route add -net 224.0.0.0 netmask 224.0.0.0 gw %s dev %s\", gw, *this); //attacker controlled gw string\n\n      system(s);\n\n      return 1;\n\n      }"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"V2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:51:53.369783Z","id":"CVE-2026-12850","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2379","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-12851","sourceIdentifier":"0df08a0e-a200-4957-9bb0-084f562506f9","published":"2026-06-24T05:17:27.157","lastModified":"2026-06-25T14:02:35.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.\n\n\n`libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various services, configure IP, Netmask, gateway, dns, etc.)\n\n\n#### CNetSetObj::m_F_n_Set_DNS_Addr command injection\n\nThe following function can take up to two addresses, performs no sanitization and then calls `system`. This is a classic command injection vulnerability. The function is reachable from both the network-exposed `DVRSearch` service and the `Network.cgi` endpoint. \n\n\n\n    int __fastcall CNetSetObj::m_F_n_Set_DNS_Addr(CNetSetObj *this, char *dns1, char *dns2)\n\n    {\n\n      int result; // r0\n\n      char v5[80]; // [sp+0h] [bp-50h] BYREF\n\n\n\n      if ( !dns1 )\n\n        result = 0;\n\n      if ( dns1 )\n\n      {\n\n        sprintf(v5, \"/bin/echo nameserver %s > /etc/resolv.conf\", dns1);  // attacker controlled dns1 field\n\n        system(v5);\n\n        if ( dns2 )\n\n        {\n\n          sprintf(v5, \"/bin/echo nameserver %s >> /etc/resolv.conf\", dns2);\n\n          system(v5);\n\n        }\n\n        return 1;\n\n      }\n\n      return result;"}],"affected":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","affectedData":[{"vendor":"GeoVision Inc.","product":"GV-I/O Box 4E","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"V2.09","status":"affected"},{"version":"V2.12","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:50:41.800146Z","id":"CVE-2026-12851","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0df08a0e-a200-4957-9bb0-084f562506f9","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2379","source":"0df08a0e-a200-4957-9bb0-084f562506f9"},{"url":"https://www.geovision.com.tw/cyber_security.php","source":"0df08a0e-a200-4957-9bb0-084f562506f9"}]}},{"cve":{"id":"CVE-2026-9539","sourceIdentifier":"info@starlabs.sg","published":"2026-06-24T05:17:31.100","lastModified":"2026-06-25T19:26:36.233","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a privileged guest VM attacker (root or CAP_NET_RAW) to leak gigabytes of sensitive host-process heap memory via sending crafted TCP segments with manipulated URG flags and urgent pointers (ti_urp)."}],"affected":[{"source":"info@starlabs.sg","affectedData":[{"vendor":"freedesktop.org","product":"libslirp","defaultStatus":"unaffected","repo":"https://gitlab.freedesktop.org/slirp/libslirp/","versions":[{"version":"0","lessThan":"4.9.2","versionType":"semver","status":"affected","changes":[{"at":"4.9.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"info@starlabs.sg","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:39:41.276722Z","id":"CVE-2026-9539","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"info@starlabs.sg","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://gitlab.freedesktop.org/slirp/libslirp/-/commit/927bca7344e31fd58e2f7afaca784aad4400eb84","source":"info@starlabs.sg"},{"url":"https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.9.2","source":"info@starlabs.sg"},{"url":"https://gitlab.freedesktop.org/slirp/libslirp/-/work_items/93","source":"info@starlabs.sg"},{"url":"https://gitlab.freedesktop.org/slirp/libslirp/-/work_items/93","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-10091","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:25.330","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cgarvey","product":"Email JavaScript Cloak","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.03","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:34:30.707951Z","id":"CVE-2026-10091","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/email-javascript-cloaker/trunk/email-js-cloak.php#L45","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/email-javascript-cloaker/trunk/email-js-cloak.php#L68","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16ded5aa-c8e8-4d98-b07f-e689ad0e03c7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10092","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:25.520","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up to, and including, 1.163 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation is possible because the plugin processes the [cincopa] shortcode via a comment_text filter hook, allowing unauthenticated visitors who can post comments to supply a malicious shortcode argument that persists in the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"nicashmu","product":"Cincopa video and media plug-in","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.163","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:17:21.013166Z","id":"CVE-2026-10092","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/video-playlist-and-gallery-plugin/tags/1.163/wp-media-cincopa.php#L166","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/video-playlist-and-gallery-plugin/tags/1.163/wp-media-cincopa.php#L179","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/video-playlist-and-gallery-plugin/tags/1.163/wp-media-cincopa.php#L330","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d6304e5-7fbf-484d-b147-f2a6c2ee0658?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10531","sourceIdentifier":"contact@wpscan.com","published":"2026-06-24T07:16:25.643","lastModified":"2026-06-25T19:07:56.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a page, allowing users with the Contributor role and above to perform Stored Cross-Site Scripting attacks."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"AI Share & Summarize","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:22:43.669243Z","id":"CVE-2026-10531","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/ebc956c2-42f4-495f-a37e-f83ed156af08/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-10552","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:25.740","lastModified":"2026-06-25T14:16:35.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel (blcap_main_page) and on the Hall of Shame and Log subpages, which accept a 'blcap_action' / 'action' parameter from $_REQUEST and perform destructive operations (plugin uninstall via blcap_uninstall(), log deletion via blcap_delete_logs(), Hall of Shame deletion via blcap_delete_ip_db(), and adding IPs to the banned list via update_option('blcap_settings')) with no wp_verify_nonce(), check_admin_referer(), or check_ajax_referer() calls anywhere in the codebase. This makes it possible for unauthenticated attackers to uninstall the plugin, delete audit logs, remove Hall of Shame entries, and add arbitrary IP addresses to the block list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"jotis","product":"Blue Captcha","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:32:39.773546Z","id":"CVE-2026-10552","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluecaptcha.php#L220","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluecaptcha.php#L221","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluehos.php#L51","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluehos.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluelog.php#L62","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/793072e9-250b-4a2c-819f-aa7e1dc7d4d6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10735","sourceIdentifier":"contact@wpscan.com","published":"2026-06-24T07:16:25.867","lastModified":"2026-06-25T19:07:56.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 were distributed with malicious code through the vendor's compromised update server, allowing unauthenticated attackers to deploy a second-stage payload that exfiltrates credentials and other sensitive data and grants full control of affected sites."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"smart-post-show-pro","defaultStatus":"unaffected","versions":[{"version":"4.0.1","lessThan":"4.0.2","versionType":"semver","status":"affected"}]},{"vendor":"Unknown","product":"Real Testimonials Pro","defaultStatus":"unaffected","versions":[{"version":"3.2.4","lessThan":"3.2.5","versionType":"semver","status":"affected"}]},{"vendor":"Unknown","product":"Product Slider for WooCommerce Pro","defaultStatus":"unaffected","versions":[{"version":"3.5.2","lessThan":"3.5.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:07:14.060006Z","id":"CVE-2026-10735","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/160ee7f7-91b6-4cce-9462-837130621402/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-10749","sourceIdentifier":"contact@wpscan.com","published":"2026-06-24T07:16:25.970","lastModified":"2026-06-25T19:07:56.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP Object."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Post Duplicator","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.0.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:12:53.775296Z","id":"CVE-2026-10749","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/224c36b5-e604-4eb3-aad8-47283b95e994/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-10753","sourceIdentifier":"contact@wpscan.com","published":"2026-06-24T07:16:26.063","lastModified":"2026-06-25T19:07:56.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Site Kit by Google  WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access (such as Editors) to modify a site-wide Site Kit by Google  WordPress plugin before 1.176.0 setting that should only be modifiable by administrators."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Site Kit by Google","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.176.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:10:07.248667Z","id":"CVE-2026-10753","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/824a5c04-c7d6-4286-a499-48452db4d002/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-11997","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:26.280","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage(), which dispatches to launchbulk() / BulkSeoImageGo() whenever the request contains $_POST['bulkseoimage']. No wp_nonce_field() is emitted in the form and no check_admin_referer()/wp_verify_nonce() is performed before bulk-overwriting the _wp_attachment_image_alt post meta for every image attached to every published post and/or page. This makes it possible for unauthenticated attackers to bulk-overwrite image ALT-text metadata across the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"seo_tools","product":"Bulk SEO Image","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:52:13.314898Z","id":"CVE-2026-11997","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bulk-seo-image/tags/1.1/bulk-seo-image.php#L11","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bulk-seo-image/tags/1.1/bulk-seo-image.php#L147","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bulk-seo-image/tags/1.1/bulk-seo-image.php#L76","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ef176a6c-33d1-45d6-8a1d-3df1e8eb2170?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12094","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:26.403","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdb_ajax_delete_user() function in versions up to, and including, 1.0.0. The handler is registered against both `wp_ajax_cf7cdb_delete` and `wp_ajax_nopriv_cf7cdb_delete`, and it performs no nonce verification, no capability check, and no ownership check before invoking `$wpdb->delete()` against the `wp_cf7cdb_data` table with an attacker-supplied integer ID. This makes it possible for unauthenticated attackers to delete arbitrary contact form submission entries stored by the plugin by iterating sequential primary-key IDs."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"iamranit","product":"Advanced Contact Form 7 – Compact DB","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:26:51.568243Z","id":"CVE-2026-12094","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/advanced-contact-form-7-compact-db/trunk/cf7cdb.php#L104","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-contact-form-7-compact-db/trunk/cf7cdb.php#L115","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-contact-form-7-compact-db/trunk/cf7cdb.php#L120","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3fa5ddd8-8166-45eb-9576-8683c1d12cc6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12095","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:26.527","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The script echoes internal API response data (specifically the value of any 'auth' key in a JSON response body) verbatim back to the attacker's browser, enabling direct exfiltration of responses from internal services such as cloud instance metadata endpoints."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"bytuncay","product":"Kargo Takip","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:41:36.236959Z","id":"CVE-2026-12095","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kargo-takip/trunk/ui/decodeandview.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kargo-takip/trunk/ui/decodeandview.php#L28","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kargo-takip/trunk/ui/decodeandview.php#L3","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79d91300-b6b7-4c3f-89b1-c48b9e47c415?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12100","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:26.647","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"abhisheksaha11","product":"URL Preview","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:52:28.426687Z","id":"CVE-2026-12100","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/link-preview/trunk/class.linkpreview.php#L112","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/link-preview/trunk/class.linkpreview.php#L30","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/05de038f-eff4-4b00-930c-3d2335345869?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12416","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:26.767","lastModified":"2026-06-25T14:16:36.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the `pravel_invoice_change_password()` function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and performing a loose equality comparison between the supplied `reset_activation_code` POST parameter and the target user's stored `forgot_email` user meta — a check that trivially evaluates to true (`'' == ''`) for any user who has never initiated a forgot-password request, which applies to administrators under normal conditions. This makes it possible for unauthenticated attackers to supply an arbitrary user ID via the `reset_user_id` POST parameter, bypass the activation code check entirely by omitting `reset_activation_code`, and set the target account's password to an attacker-chosen value, enabling full takeover of any account on the site, including administrator accounts."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"pravel","product":"Invoice Generator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:31:03.534630Z","id":"CVE-2026-12416","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/invoice-creator/tags/1.0.0/lib/user-manage-function.php#L296","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/invoice-creator/tags/1.0.0/lib/user-manage-function.php#L303","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/invoice-creator/tags/1.0.0/lib/user-manage-function.php#L52","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cc0fbe84-e455-4e62-9c48-49340d08f81d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-4297","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:27.310","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the user via $wp_xmlrpc_server->login() (verifying credentials are valid) but does not perform any authorization check such as current_user_can('manage_options'). This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary WordPress options via XML-RPC requests. This can be leveraged to change the default_role option to 'administrator' and then register a new administrator account, achieving full privilege escalation and site takeover."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"newscred","product":"Welcome Software Publishing","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.0.31","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:49:59.958116Z","id":"CVE-2026-4297","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L264","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L265","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L272","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L44","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L264","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L265","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L272","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L44","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/47e53fd3-4e3f-433a-8e70-3a58c864184a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6292","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:27.443","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is due to a completely broken nonce validation in the enter_mpclp_login_options() function, which contains an inverted check (if wp_verify_nonce(...) { return false; }) and is missing the required action parameter for wp_verify_nonce(). As a result, the nonce check is effectively dead code: it never blocks malicious requests because a CSRF-supplied empty/invalid nonce always returns false, satisfying the inverted condition to continue execution. Furthermore, the settings-update handler is hooked on init without any capability check. This makes it possible for unauthenticated attackers to modify all plugin setting, including login page background, logo URL, image dimensions, button colors, and login message, by tricking a logged-in administrator into submitting a crafted request."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"manuelpadillac","product":"MP Customize Login Page","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:37:24.049528Z","id":"CVE-2026-6292","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/mp-customize-login-page/tags/1.0/class.mp-customize-login-page.php#L103","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mp-customize-login-page/tags/1.0/class.mp-customize-login-page.php#L13","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mp-customize-login-page/trunk/class.mp-customize-login-page.php#L103","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/mp-customize-login-page/trunk/class.mp-customize-login-page.php#L13","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b9216875-8cb6-45a7-b23b-19d13f8b49dc?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7617","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:27.570","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress site from its linked Secufor account by clearing the plugin's stored login token and user login configuration."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"secufor","product":"Secufor_OAuth","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:41:10.348279Z","id":"CVE-2026-7617","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wpoauth/tags/1.0.7/secuforoauth_login.php#L212","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpoauth/tags/1.0.7/secuforoauth_login.php#L220","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpoauth/trunk/secuforoauth_login.php#L212","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpoauth/trunk/secuforoauth_login.php#L220","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/61293c20-cabe-412d-94d1-1d0326d35a46?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8614","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:27.693","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistio_plugin_delete_assistio_settings() function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's options including the critical 'assistiobot_oauth_settings' option, which disrupts the plugin's integration with the Assistio bot service."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"assistioai","product":"Assistio","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:15:10.328653Z","id":"CVE-2026-8614","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/assistio/tags/1.1.2/assistio.php#L346","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/assistio/tags/1.1.2/assistio.php#L350","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/754f9598-3b41-4fe3-b290-8422031991a8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8617","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:27.813","lastModified":"2026-06-25T14:16:55.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplus_save_token_action_callback() and searchplus_reset_token_action_callback() functions, both of which are exposed to unauthenticated users through the wp_ajax_nopriv_ hooks. This makes it possible for unauthenticated attackers to overwrite or delete the plugin's stored account token and account name options (dym_token, dym_name, searchplus_token, searchplus_name, sp_token, sp_name)."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ailchev","product":"SearchPlus","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:31:39.266052Z","id":"CVE-2026-8617","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/searchplus/tags/1.7.1/includes/functions.php#L24","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/searchplus/tags/1.7.1/includes/functions.php#L39","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/searchplus/tags/1.7.1/includes/functions.php#L45","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/searchplus/tags/1.7.1/includes/functions.php#L57","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b1800f37-f9ab-454b-84f7-4d5eb5ed3acf?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8628","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:28.050","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The payload is delivered via attacker-controlled path-info in the URL (e.g., /wp-admin/admin.php/\"><script>alert(0)</script>/?page=EntreDroppers.php), which PHP_SELF reflects directly into the form action attribute."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"owencutajar","product":"EntreDroppers","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:50:49.486162Z","id":"CVE-2026-8628","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/entredropper/trunk/EntreDroppers.php#L223","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7fe4e182-5d0b-41da-8402-8b7de0b2c2e7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8688","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:28.170","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate, copy, move, or publish nav_menu_item posts via wp_insert_post(), modifying the site's navigation menus without authorization."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"krishaweb","product":"Advance Nav Menu Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:34:18.167729Z","id":"CVE-2026-8688","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.1/include/class-advancenavmenumanager.php#L231","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.1/include/class-advancenavmenumanager.php#L236","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.1/include/option.php#L107","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.3/include/class-advancenavmenumanager.php#L231","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.3/include/class-advancenavmenumanager.php#L236","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.3/include/option.php#L107","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e234a79d-5d46-44db-833c-51e202dc49bf?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8690","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:28.293","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read, create, update, and delete event records stored in the rentmy_events WordPress option, as well as overwrite the rentmy_locationId option."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rentmy","product":"RentMy Real-Time Rental Management Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.0.4.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:57:15.412607Z","id":"CVE-2026-8690","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/rentmy-online-rental-shop/trunk/includes/class-rentmy-ajax.php#L16","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rentmy-online-rental-shop/trunk/includes/class-rentmy-ajax.php#L53","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rentmy-online-rental-shop/trunk/includes/class-rentmy-ajax.php#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rentmy-online-rental-shop/trunk/includes/class-rentmy-ajax.php#L83","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fd399ed3-03b2-477c-b38c-549d6066b6e8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8705","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:28.417","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users (`wp_ajax_nopriv_clearsale_total_push`), and although a `wp_verify_nonce()` check exists, the failing branch's `die()` is commented out so execution continues regardless of nonce validity. On PHP < 8.0 the attacker-supplied `$metodo` value bypasses the `switch ($metodo) { case 4: ... }` guard via loose type juggling (the string `\"4 AND SLEEP(5)\"` compares equal to integer `4`), reaching an unquoted `UPDATE wp_cs_total_dadosextras SET metodo=$metodo, ...` query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires the target server to be running PHP < 8.0."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"clearsale","product":"ClearSale Total","defaultStatus":"unaffected","versions":[{"version":"<= 3.4.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:13:49.941720Z","id":"CVE-2026-8705","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/clearsale-total/tags/3.3.2/includes/class-clearsale-total-ajax.php#L325","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/clearsale-total/tags/3.4.2/includes/class-clearsale-total-ajax.php#L327","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/clearsale-total/trunk/includes/class-clearsale-total-ajax.php#L172","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/clearsale-total/trunk/includes/class-clearsale-total-ajax.php#L327","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/clearsale-total/trunk/includes/class-clearsale-total.php#L326","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/871f6611-3b5e-4e36-992c-726b31e88c95?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8865","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:28.543","lastModified":"2026-06-25T14:16:56.293","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23_qr' shortcode in all versions up to, and including, 1.1.6. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes (notably 'title' and 'fixed_link') which are concatenated directly into single-quoted HTML attributes by the AVALON23_HELPER::draw_html_item() helper without esc_attr() or any other encoding. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"paradigmatools","product":"Avalon23 Products Filter for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:30:18.283992Z","id":"CVE-2026-8865","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/avalon23-products-filter-for-woocommerce/trunk/classes/helper.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/avalon23-products-filter-for-woocommerce/trunk/ext/qr_generator/index.php#L113","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/avalon23-products-filter-for-woocommerce/trunk/ext/qr_generator/index.php#L96","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/da9089a2-420f-4744-96d1-46c050a95328?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8905","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:28.777","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"osiris8","product":"Osiris Signature Banner","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:48:22.360481Z","id":"CVE-2026-8905","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/osiris-signature-banner/tags/0.5/osiris-signature-banner.php#L107","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/osiris-signature-banner/tags/0.5/osiris-signature-banner.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/osiris-signature-banner/tags/0.5/osiris-signature-banner.php#L139","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/osiris-signature-banner/tags/0.5/osiris-signature-banner.php#L189","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03226722-000c-4bfe-a09b-e75882274845?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9172","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:28.897","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the delete_single_account() function in versions up to, and including, 1.2.0. The REST route 'devs-accounting/v1/delete-account/(?P<id>\\d+)' is registered without any permission_callback, which causes WordPress to expose the endpoint to public, unauthenticated access. This makes it possible for unauthenticated attackers to soft-delete arbitrary accounting account records (wp_dac_accounts) by issuing a simple GET request to the endpoint with any account ID."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ajitdas","product":"Devs Accounting – Simple Accounting and Invoicing Solution","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:36:51.150212Z","id":"CVE-2026-9172","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/devs-accounting/tags/1.2.0/classes/class-devs-accounting-accounts.php#L199","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/devs-accounting/tags/1.2.0/classes/class-devs-accounting-accounts.php#L36","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bbe99411-ba74-4e97-8d14-659897942906?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9175","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.017","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the get_single_account() REST API callback being registered with a permission_callback that unconditionally returns true, providing no authentication or authorization checks on the /devs-accounting/v1/get-account/<id> endpoint. This makes it possible for unauthenticated attackers to read arbitrary private financial account records (including account name, bank name, and opening balance) by enumerating the numeric account ID, resulting in sensitive information disclosure."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ajitdas","product":"Devs Accounting – Simple Accounting and Invoicing Solution","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:35:01.286884Z","id":"CVE-2026-9175","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/devs-accounting/tags/1.2.0/classes/class-devs-accounting-accounts.php#L157","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/devs-accounting/tags/1.2.0/classes/class-devs-accounting-accounts.php#L31","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2212585b-1437-40a8-a5da-5b5c9f88c365?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9178","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.133","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/<id> (callback userDetail()) with permission_callback set to '__return_true', and the function's home-grown authentication only verifies that the supplied 'Username' HTTP header maps to an administrator account and that a 'Password' HTTP header is non-empty. It never validates the password with wp_check_password() (unlike the sibling delete_wc_user() function which does). This makes it possible for unauthenticated attackers to retrieve sensitive information for any registered user ID — including the WordPress password hash (user_pass) and email address — by sending a request with a valid administrator login name (commonly the default 'admin') and any arbitrary password value."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"hancock11","product":"WP Forms Connector","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:12:27.782825Z","id":"CVE-2026-9178","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1464","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1477","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1490","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L739","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5dfafee-9b6c-4e57-b263-39ff15cd3b51?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9179","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.257","lastModified":"2026-06-25T14:16:56.503","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter (read directly from $_GET['order'] into $shorting) and the lack of sufficient preparation on the existing SQL query in the listPost() function, where the value is concatenated unquoted into the ORDER BY clause and executed via $wpdb->get_results() without $wpdb->prepare(). The endpoint is registered with permission_callback '__return_true' and performs only a broken header-based check that validates the supplied 'Username' corresponds to an administrator account while never verifying the 'Password'. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"hancock11","product":"WP Forms Connector","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:34:00.567245Z","id":"CVE-2026-9179","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1244","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L1259","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-forms-connector/tags/1.8/WP-Forms-Connector.php#L694","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2cd53590-ded1-4e68-a9a3-aa1d2d880b80?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9184","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.493","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce (which is generated and localized to any user with block editor access via lb24_block_enqueue_scripts()) and does not verify the user's capabilities or that the supplied user_id belongs to the current user. This makes it possible for authenticated attackers, with author-level access and above, to overwrite the lb24_token, lb24_uid, lb24_refresh_token, and lb24_uname user meta values of any user (including administrators) as well as the corresponding site-wide options, effectively hijacking the plugin's integration with the 24liveblog service."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"24liveblog","product":"24liveblog – live blog tool","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:51:41.367266Z","id":"CVE-2026-9184","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/24liveblog/trunk/plugin.php#L100","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/24liveblog/trunk/plugin.php#L104","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/24liveblog/trunk/plugin.php#L93","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/24liveblog/trunk/plugin.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/24liveblog/trunk/src/init.php#L127","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a7f22854-049a-4b4f-a448-13c416e0a6b7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9612","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.610","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdev_generate_order_pdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order details — including full name, email address, phone number, billing address, ordered items with quantities and prices, applied coupons, shipping method, and order total — from any customer's invoice by enumerating sequential order IDs. Invoice HTML files are written to the publicly accessible wp-content/uploads/whatsorder_invoices/ directory, which is created without an .htaccess deny rule or index.php guard, making every invoice directly downloadable over HTTP with no authentication check."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"yapacdev","product":"WhatsOrder – Instant Checkout for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:19:12.046726Z","id":"CVE-2026-9612","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/whatsorder-instant-checkout-for-woocommerce/tags/1.0.0/whatsorder-instant-checkout-for-woocommerce.php#L159","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whatsorder-instant-checkout-for-woocommerce/tags/1.0.0/whatsorder-instant-checkout-for-woocommerce.php#L222","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whatsorder-instant-checkout-for-woocommerce/tags/1.0.0/whatsorder-instant-checkout-for-woocommerce.php#L225","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whatsorder-instant-checkout-for-woocommerce/tags/1.0.1/whatsorder-instant-checkout-for-woocommerce.php#L159","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whatsorder-instant-checkout-for-woocommerce/tags/1.0.1/whatsorder-instant-checkout-for-woocommerce.php#L222","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whatsorder-instant-checkout-for-woocommerce/tags/1.0.1/whatsorder-instant-checkout-for-woocommerce.php#L225","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d625d6-57e0-4dc7-b3ee-cb0639a02230?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9616","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.730","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the site's security.txt file from the server filesystem or create the .well-known directory by directly invoking the delete_securitytxt or create_wellknown_folder AJAX actions."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"verenigingvanregistrars","product":"Generate Security.txt","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:42:08.108463Z","id":"CVE-2026-9616","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/generate-security-txt/tags/1.0.11/admin/class-generate-security-txt-admin.php#L174","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/generate-security-txt/tags/1.0.11/admin/class-generate-security-txt-admin.php#L1930","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/generate-security-txt/tags/1.0.11/admin/class-generate-security-txt-admin.php#L1963","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/generate-security-txt/tags/1.0.12/admin/class-generate-security-txt-admin.php#L174","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/generate-security-txt/tags/1.0.12/admin/class-generate-security-txt-admin.php#L1930","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/generate-security-txt/tags/1.0.12/admin/class-generate-security-txt-admin.php#L1963","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b8d88cc2-91e4-4e53-8c46-93d6ce8bc320?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9619","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.850","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger outbound scraping of external websites and write scraped review data into the wp_dp_reviews database table, as well as send feature-request emails from the site administrator's email address."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"berfect","product":"Reviews and Rating – Docplanner","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:16:04.609547Z","id":"CVE-2026-9619","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/reviews-and-rating-docplanner/tags/1.1.4/classes/class-reviews-and-rating-docplanner.php#L301","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/reviews-and-rating-docplanner/tags/1.1.4/classes/class-reviews-and-rating-docplanner.php#L369","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/reviews-and-rating-docplanner/tags/1.1.4/classes/class-reviews-and-rating-docplanner.php#L401","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/reviews-and-rating-docplanner/tags/1.1.4/classes/class-reviews-and-rating-docplanner.php#L410","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/reviews-and-rating-docplanner/tags/1.1.4/classes/class-reviews-and-rating-docplanner.php#L81","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5f71c834-15ee-48ea-8f8d-6ea4b72a14d8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9620","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:29.973","lastModified":"2026-06-25T14:16:56.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field() and loop() functions, which extract the raw src attribute value from <img> tags within post_content using a regular expression and then reconstruct new <img> elements or CSS background-image declarations by directly concatenating the unescaped value — bypassing WordPress's kses filtering entirely. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"joomunited","product":"WP Latest Posts","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.0.11","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:28:52.020223Z","id":"CVE-2026-9620","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-latest-posts/tags/5.0.11/inc/wplp-front.inc.php#L2284","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-latest-posts/tags/5.0.11/inc/wplp-front.inc.php#L2326","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-latest-posts/tags/5.0.11/inc/wplp-front.inc.php#L2738","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e00f69d6-df33-4179-843b-98f8ed034e4a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9709","sourceIdentifier":"contact@wpscan.com","published":"2026-06-24T07:16:30.217","lastModified":"2026-06-25T19:07:56.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co Cornerstone page builder distributed bundled with the X , not the unrelated free `cornerstone` Cornerstone WordPress plugin before 7.8.9 (v0.8.x) on the .org repository."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Cornerstone","defaultStatus":"unaffected","versions":[{"version":"3.0.0","lessThan":"7.8.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:11:18.589476Z","id":"CVE-2026-9709","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/3ade0e4e-2070-4d3b-8f31-0d446839efd0/","source":"contact@wpscan.com"},{"url":"https://wpscan.com/vulnerability/3ade0e4e-2070-4d3b-8f31-0d446839efd0/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9710","sourceIdentifier":"contact@wpscan.com","published":"2026-06-24T07:16:30.317","lastModified":"2026-06-25T19:07:56.657","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary users and disclose their sensitive metadata including raw password hashes. This affects the premium co Cornerstone page builder distributed bundled with the X , not the unrelated free `cornerstone` Cornerstone WordPress plugin before 7.8.8 (v0.8.x) on the .org repository."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Cornerstone","defaultStatus":"unaffected","versions":[{"version":"3.0.0","lessThan":"7.8.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:07:07.183867Z","id":"CVE-2026-9710","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/4fc21e38-f2df-41be-86b7-a897483574bb/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-9721","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:30.410","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settings_form()/update_settings() functionality. The plugin's options page handler dispatches on the 'action' POST parameter and calls update_settings(), which persists plugin configuration (including the external database host, username, password, prefix, database name, encryption key, and registration page URL) via update_option(), without ever generating a nonce field in the settings form or verifying one (no wp_nonce_field(), check_admin_referer(), or wp_verify_nonce() exists anywhere in the plugin). This makes it possible for unauthenticated attackers to modify the plugin's database connection settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"chuhpl","product":"Book a Room Event Calendar","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:49:24.282716Z","id":"CVE-2026-9721","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/book-a-room-event-calendar/trunk/bookaroom-events-settings.php#L103","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/book-a-room-event-calendar/trunk/bookaroom-events-settings.php#L15","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/book-a-room-event-calendar/trunk/bookaroom-events-settings.php#L161","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18b77c9b-6614-4a3f-a003-54567d9c4408?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9724","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T07:16:30.530","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordesk_admin_home function. This makes it possible for unauthenticated attackers to update the plugin's configuration settings, including the search page URI and custom template directory path via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"motordesk","product":"MotorDesk","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:37:56.707817Z","id":"CVE-2026-9724","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/motordesk/trunk/include/motordesk_admin.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motordesk/trunk/include/motordesk_admin.php#L134","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motordesk/trunk/include/motordesk_admin.php#L157","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motordesk/trunk/include/motordesk_admin.php#L182","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3e9421-809c-423a-afcf-28c061c00fad?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-56052","sourceIdentifier":"audit@patchstack.com","published":"2026-06-24T08:16:24.623","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection.\n\nThis issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"FunnelKit","product":"Funnel Builder by FunnelKit","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"funnel-builder","versions":[{"version":"n/a","lessThanOrEqual":"3.15.0.5","versionType":"custom","status":"affected","changes":[{"at":"3.15.0.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:21:58.235991Z","id":"CVE-2026-56052","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-15-0-5-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-7761","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T08:16:24.830","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in get_directory_by_hash() that allows any post to be used as a member directory by computing SUBSTRING(MD5(post_id), 11, 5), (2) a strstr() parsing logic flaw in post_data() that allows bypassing WordPress's protected meta key restrictions by placing '_um_' anywhere in the meta key name rather than at the start, and (3) missing field name validation in build_user_card_data() that allows arbitrary field names including 'password_reset_link' to be passed to um_filtered_value(). This makes it possible for authenticated attackers with Contributor-level access and above to create a malicious post via XMLRPC with crafted meta fields, use the MD5 fallback to point the member directory AJAX handler to their post, inject 'password_reset_link' into the tagline_fields configuration, and leak live password reset URLs for all users in the member directory response, including administrators."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ultimatemember","product":"Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.11.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:57:32.944884Z","id":"CVE-2026-7761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.11.4/includes/core/class-member-directory.php#L2726","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.11.4/includes/core/class-member-directory.php#L289","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.11.4/includes/core/class-query.php#L439","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.11.4/includes/um-short-functions.php#L2611","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/includes/core/class-member-directory.php#L2726","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/includes/core/class-member-directory.php#L289","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/includes/core/class-query.php#L439","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/includes/um-short-functions.php#L2611","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3569970/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9aff7b03-4f03-434c-be87-b10ceeb4e625?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10745","sourceIdentifier":"80f39f49-2521-4ee7-9e17-af5d55e8032f","published":"2026-06-24T09:16:30.147","lastModified":"2026-06-25T20:11:34.393","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging.\n\nThis issue affects upKeeper Instant Privilege Access: through 1.6.1."}],"affected":[{"source":"80f39f49-2521-4ee7-9e17-af5d55e8032f","affectedData":[{"vendor":"upKeeper Solutions","product":"upKeeper Instant Privilege Access","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThanOrEqual":"1.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"80f39f49-2521-4ee7-9e17-af5d55e8032f","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:02:07.759944Z","id":"CVE-2026-10745","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"80f39f49-2521-4ee7-9e17-af5d55e8032f","type":"Secondary","description":[{"lang":"en","value":"CWE-117"}]}],"references":[{"url":"https://support.upkeeper.se/hc/en-us/articles/28408945088796-CVE-2026-10745-Improper-output-neutralization-for-logs","source":"80f39f49-2521-4ee7-9e17-af5d55e8032f"}]}},{"cve":{"id":"CVE-2026-11968","sourceIdentifier":"cve@gitlab.com","published":"2026-06-24T10:17:19.063","lastModified":"2026-06-25T20:21:19.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit"}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"TortoiseGit team","product":"TortoiseGit","defaultStatus":"unaffected","versions":[{"version":"1.8.10.0","lessThan":"2.19.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:00:55.601756Z","id":"CVE-2026-11968","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://gitlab.com/tortoisegit/tortoisegit/-/commit/7052e3ef61cd104f8a90fb3dcdfb403cbc8c1773","source":"cve@gitlab.com"},{"url":"https://tortoisegit.org/issue/4269","source":"cve@gitlab.com"}]}},{"cve":{"id":"CVE-2026-13150","sourceIdentifier":"4daa8cea-433a-44bd-9456-53b127fc289a","published":"2026-06-24T11:16:33.557","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the rendered content in the resulting PDF via a crafted Host header, because the target URL is built from request.base_url without validation."}],"affected":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","affectedData":[{"vendor":"Pentestify","product":"Pentestify","defaultStatus":"unaffected","repo":"https://github.com/ccyl13/Pentestify","versions":[{"version":"0","lessThan":"1.1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T11:57:12.138307Z","id":"CVE-2026-13150","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/ccyl13/Pentestify/commit/a058a22b42c6311895622645265df79a60265b1d","source":"4daa8cea-433a-44bd-9456-53b127fc289a"}]}},{"cve":{"id":"CVE-2025-71332","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:30.263","lastModified":"2026-06-26T01:59:39.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to be executed, including blind and error-based extraction of data from the credential table."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThanOrEqual":"2.2.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:53:13.620414Z","id":"CVE-2025-71332","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.7","matchCriteriaId":"D26D79B5-FE4C-4E7B-AEEC-CEC3B61FDF54"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9c4c-g95m-c8cp","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-sql-injection-in-importchatflows-api-via-chatflow-id-parameter","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9c4c-g95m-c8cp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-71354","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:30.413","lastModified":"2026-06-25T14:25:01.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load() is called."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.29","versionType":"semver","status":"affected"},{"version":"0.0.29","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:49:18.320277Z","id":"CVE-2025-71354","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3vg9-h568-4w9m","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-idlelib-debugobj-objecttreeitem-settext","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3vg9-h568-4w9m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-71361","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:30.543","lastModified":"2026-06-25T14:25:01.413","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load()."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThan":"0.0.29","versionType":"semver","status":"affected"},{"version":"0.0.29","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T16:02:09.479182Z","id":"CVE-2025-71361","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-95"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-8r4j-24qv-fmq9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-undetected-idlelib-calltip-calltip-fetch-tip","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-8r4j-24qv-fmq9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-12242","sourceIdentifier":"security@wordfence.com","published":"2026-06-24T13:16:31.447","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before concatenation into a PHP code string wrapped in W3 Total Cache mfunc or Borlabs Cache fragment markers. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP code on the server. This vulnerability requires W3 Total Cache or Borlabs Cache support to be enabled in AdRotate settings."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"adegans","product":"AdRotate Banner Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.17.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:01:30.997655Z","id":"CVE-2026-12242","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.4/adrotate-output.php#L265","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.4/adrotate-output.php#L276","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.4/adrotate-output.php#L288","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.5/adrotate-output.php#L265","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.5/adrotate-output.php#L276","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/tags/5.17.5/adrotate-output.php#L288","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-output.php#L265","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-output.php#L276","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-output.php#L288","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3582562/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f29b905c-57cf-4fb8-b6af-eb0c367cd3e4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13140","sourceIdentifier":"0f2be0ad-3469-4e56-b38f-4eb96719b425","published":"2026-06-24T13:16:31.710","lastModified":"2026-06-25T19:52:42.427","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens.\n\n\n\n\nAnonymous exploitation requires knowledge of a random identifier.\n\n\n\n\nThis issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e."}],"affected":[{"source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","affectedData":[{"vendor":"Thinkst Applied Research","product":"Canarytokens","defaultStatus":"unaffected","versions":[{"version":"sha-4116b92cb","lessThan":"f5aa5c4e","versionType":"custom","status":"affected"},{"version":"4116b92cb","lessThan":"f5aa5c4e","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:19:58.505826Z","id":"CVE-2026-13140","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-23pf-xjp2-48q6","source":"0f2be0ad-3469-4e56-b38f-4eb96719b425"}]}},{"cve":{"id":"CVE-2026-13163","sourceIdentifier":"4daa8cea-433a-44bd-9456-53b127fc289a","published":"2026-06-24T13:16:31.993","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/<token>/) in Mailerup <1.0.0 on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u query parameter, because the URL scheme is validated (blocking javascript: and data:) but the destination host is not restricted to an allowlist, and a signing.BadSignature exception is silently caught so a valid signed token is not required."}],"affected":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","affectedData":[{"vendor":"Mailerup","product":"Mailerup","defaultStatus":"unaffected","repo":"https://github.com/Maalfer/mailerup","versions":[{"version":"0","lessThan":"1.0.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:06:55.947222Z","id":"CVE-2026-13163","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/Maalfer/mailerup/commit/99eb6d4586134bf3f4422093fbf47d6794ef0ee5","source":"4daa8cea-433a-44bd-9456-53b127fc289a"}]}},{"cve":{"id":"CVE-2026-56223","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:33.067","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a malicious IdP can forge SAML assertions containing victim email addresses to trigger account merge and gain full access to victim accounts, organizations, and data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo-app","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:45:44.261860Z","id":"CVE-2026-56223","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-jhjh-vp9p-54fg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-account-takeover-via-cross-domain-sso-email-assertion-in-provision-user","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-jhjh-vp9p-54fg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56231","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:33.200","lastModified":"2026-06-25T14:16:51.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled app_id supplied in the request body and never verify that the jobId in the URL belongs to that app_id (or the same tenant/org) before issuing privileged builder commands with the server-held builder API key. An authenticated user with the app.build_native permission for any app they control can start or cancel arbitrary builder jobs belonging to other tenants by supplying a victim jobId, resulting in cross-tenant build sabotage (denial of service), unauthorized compute actions, and potential billing impact."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:26:09.295498Z","id":"CVE-2026-56231","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-72j4-9qp5-hfrg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-broken-object-level-authorization-in-build-job-control-via-jobid-parameter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-72j4-9qp5-hfrg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56232","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:33.327","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the unrestricted parent key instead of the scoped subkey."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:14:10.341117Z","id":"CVE-2026-56232","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2h89-vcvx-5pvh","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-subkey-scope-bypass-in-middlewarekey-via-x-limited-key-id-header","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-2h89-vcvx-5pvh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56237","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:33.467","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key parameter in the generation request and supply arbitrary values, generating custom API keys without proper authorization, which can lead to unauthorized access to protected endpoints."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:54:49.075403Z","id":"CVE-2026-56237","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-22w2-mx2h-4fr7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-api-key-generation-via-client-side-parameter-manipulation","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-22w2-mx2h-4fr7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56244","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:33.597","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to configured receivers, breaking webhook authenticity and integrity."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","packageURL":"pkg:npm/capgo","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:47:42.614937Z","id":"CVE-2026-56244","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-qrrx-x3qf-x87v","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-webhook-signing-secret-disclosure-via-non-admin-api-key","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-qrrx-x3qf-x87v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56245","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:34.820","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/record_build_time with a public API key to poison billing and quota data for any organization, enabling resource exhaustion and cross-tenant billing manipulation."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:51:24.239030Z","id":"CVE-2026-56245","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-42f8-v563-5763","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/supabase-capgo-unauthenticated-cross-tenant-build-time-accounting-poisoning-via-record-build-time-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-42f8-v563-5763","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56256","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:34.980","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g., editing organization details, inviting users) do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can replay or modify a previously captured ORG API request to perform privileged organization actions, bypassing the globally enforced 2FA requirement."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:49:21.324827Z","id":"CVE-2026-56256","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-602"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-cww4-5xfp-jw98","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-two-factor-authentication-bypass-via-organization-management-api","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-cww4-5xfp-jw98","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56257","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:35.123","lastModified":"2026-06-25T14:16:53.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-brain ownership. Attackers can directly update apps.owner_org while leaving app_versions.owner_org unchanged, enabling old-org keys to retain access to version data while new-org keys control the app record."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:22:24.114460Z","id":"CVE-2026-56257","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-v9jp-r5wh-qqcp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-authorization-bypass-in-app-ownership-transfer-via-direct-postgrest-update","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-v9jp-r5wh-qqcp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56262","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:35.263","lastModified":"2026-06-26T02:00:03.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Crawl4AI","product":"Crawl4AI","defaultStatus":"unaffected","packageURL":"pkg:pypi/crawl4ai","versions":[{"version":"0","lessThan":"0.8.7","versionType":"semver","status":"affected"},{"version":"0.8.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:16:24.817130Z","id":"CVE-2026-56262","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.7","matchCriteriaId":"5C153B68-AA3F-4755-BA13-E98AAB321695"}]}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/crawl4ai-unauthenticated-access-to-monitor-endpoints-via-docker-api-server","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56269","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:35.400","lastModified":"2026-06-26T02:01:09.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key used to encrypt user IDs and workspace IDs in the 'meta' field of JWT tokens. An attacker who knows the default secret can decrypt this metadata to extract internal user and workspace identifiers, and re-encrypt manipulated values such as altered user or workspace IDs. Because the JWT signature is validated separately, decrypting or tampering with this metadata does not by itself grant access, but the disclosure of internal identifiers and possible metadata manipulation could aid privilege escalation or unauthorized data access."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.1.0","versionType":"semver","status":"affected"},{"version":"3.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.3,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:58:08.791171Z","id":"CVE-2026-56269","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"CB30DB8F-4F72-4FD3-90FB-8331F1CBB78E"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-m7mq-85xj-9x33","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-weak-default-token-hash-secret-in-jwt-token-encryption","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56270","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:35.540","lastModified":"2026-06-26T02:01:17.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request to harvest sensitive API credentials for Google, Microsoft/Azure, GitHub, and Auth0 integrations. This affects FlowiseAI Cloud and self-hosted instances where the endpoint is exposed."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.1.0","versionType":"semver","status":"affected"},{"version":"3.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:44:43.195949Z","id":"CVE-2026-56270","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"CB30DB8F-4F72-4FD3-90FB-8331F1CBB78E"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx","source":"disclosure@vulncheck.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-unauthenticated-oauth-secrets-disclosure-via-api-v1-loginmethod-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56272","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:35.680","lastModified":"2026-06-26T02:01:32.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database breach scenario."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Flowise","product":"Flowise","defaultStatus":"unaffected","packageURL":"pkg:npm/flowise","versions":[{"version":"0","lessThan":"3.0.13","versionType":"semver","status":"affected"},{"version":"3.0.13","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:52:34.998933Z","id":"CVE-2026-56272","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-916"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.13","matchCriteriaId":"8C6D6D18-106F-49FE-B523-B5DCAADFB40F"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x2g5-fvc2-gqvp","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/flowise-insufficient-password-salt-rounds-in-bcrypt-hashing","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56302","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:35.937","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:37:54.900412Z","id":"CVE-2026-56302","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-8hq3-gg3m-vwvr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unsecured-supabase-images-bucket-via-missing-row-level-security","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-8hq3-gg3m-vwvr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56310","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:36.063","lastModified":"2026-06-25T14:16:54.113","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limited_to_orgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, image_url, role, and is_tmp from organizations outside their assigned scope."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:21:01.025210Z","id":"CVE-2026-56310","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q7xv-p34q-v365","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cap-go-authorization-bypass-in-organization-members-endpoint-via-api-key-scope-bypass","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-q7xv-p34q-v365","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56337","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:36.197","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function that allows unauthenticated attackers to enumerate app_ids by calling POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER function to determine whether specific app_ids exist in the public.apps table, enabling cross-tenant app enumeration and privacy violations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:16:54.633477Z","id":"CVE-2026-56337","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-wjqr-gmx8-jj56","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-information-disclosure-via-unauthenticated-rpc-function-exist-app-v2","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-wjqr-gmx8-jj56","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56338","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:36.343","lastModified":"2026-06-25T14:03:58.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors with captcha verification process failed messages, blocking access to security controls."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:58:47.357752Z","id":"CVE-2026-56338","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-703"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-m53g-7gcj-x6f7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-denial-of-service-in-2fa-email-verification-via-auth-v1-otp-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-m53g-7gcj-x6f7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56351","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:36.473","lastModified":"2026-06-26T02:01:57.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integrity."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.4.0","versionType":"semver","status":"affected"},{"version":"2.4.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:42:29.024744Z","id":"CVE-2026-56351","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.4.0","matchCriteriaId":"C5902088-5F6C-4C1E-B349-C9C92CB346B1"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-sql-injection-in-mysql-postgresql-and-microsoft-sql-nodes","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56358","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:36.613","lastModified":"2026-06-26T02:02:10.137","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can inject XSS payloads that execute persistently for all form visitors, enabling form hijacking and phishing attacks."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.25","versionType":"semver","status":"affected"},{"version":"1.123.25","versionType":"semver","status":"unaffected"},{"version":"2.0.0-rc.0","lessThan":"2.11.2","versionType":"semver","status":"affected"},{"version":"2.11.2","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.11.2","versionType":"semver","status":"affected"},{"version":"2.11.2","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.25","versionType":"semver","status":"affected"},{"version":"1.123.25","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T16:01:36.636711Z","id":"CVE-2026-56358","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.25","matchCriteriaId":"3531A0AA-A14C-4B12-9DF5-FDD18045DE34"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.11.2","matchCriteriaId":"6A4BD033-FBE2-4007-B51F-E011D553C6C8"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-stored-cross-site-scripting-in-form-trigger-node","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56368","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:36.750","lastModified":"2026-06-26T21:51:23.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-15","versionType":"semver","status":"affected"},{"version":"7.1.2-15","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-40","versionType":"semver","status":"affected"},{"version":"6.9.13-40","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:37:57.353115Z","id":"CVE-2026-56368","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-40","matchCriteriaId":"C6F44A65-1733-4752-AAD0-BCCC7BDBC877"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-15","matchCriteriaId":"6AFFD439-1068-4B6F-AE01-724AC62CDCEA"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-memory-leak-in-raw-pixel-data-coders","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56370","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:36.900","lastModified":"2026-06-26T21:50:37.890","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"7.1.2-19","versionType":"semver","status":"affected"},{"version":"7.1.2-19","versionType":"semver","status":"unaffected"}]},{"vendor":"ImageMagick","product":"ImageMagick","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.9.13-44","versionType":"semver","status":"affected"},{"version":"6.9.13-44","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:20:24.893673Z","id":"CVE-2026-56370","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.13-44","matchCriteriaId":"FEBAB6BF-AFEC-4D29-95E8-88C4585C9896"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.1.2-19","matchCriteriaId":"80D20334-B25F-479D-A411-DBD1364D303C"}]}]}],"references":[{"url":"https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/imagemagick-out-of-bounds-access-in-connectedcomponentsimage-via-connected-components-artifact","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56761","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T13:16:37.043","lastModified":"2026-06-26T19:59:03.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag boundaries and inject arbitrary attributes or elements."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"hono","product":"hono","defaultStatus":"unaffected","packageURL":"pkg:npm/hono","versions":[{"version":"0","lessThan":"4.12.14","versionType":"semver","status":"affected"},{"version":"4.12.14","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T12:17:51.436803Z","id":"CVE-2026-56761","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hono:hono:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.12.14","matchCriteriaId":"7477E3C7-3EC7-4939-83B5-306097CE563C"}]}]}],"references":[{"url":"https://github.com/honojs/hono/security/advisories/GHSA-458j-xx4x-4375","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/hono-html-injection-via-improper-jsx-attribute-name-handling-in-ssr","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-29034","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T14:17:30.867","lastModified":"2026-06-24T14:17:30.867","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-42450","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T14:17:31.190","lastModified":"2026-06-25T20:18:11.603","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can overflow by ~4000 bytes on non-Windows. Version 2.5.2 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"AcademySoftwareFoundation","product":"OpenColorIO","versions":[{"version":"< 2.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:55:57.321077Z","id":"CVE-2026-42450","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"references":[{"url":"https://github.com/AcademySoftwareFoundation/OpenColorIO/releases/tag/v2.5.2","source":"security-advisories@github.com"},{"url":"https://github.com/AcademySoftwareFoundation/OpenColorIO/security/advisories/GHSA-rxp3-rrgx-f547","source":"security-advisories@github.com"},{"url":"https://github.com/AcademySoftwareFoundation/OpenColorIO/security/advisories/GHSA-rxp3-rrgx-f547","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57280","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:33.910","lastModified":"2026-06-26T19:59:19.230","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Script Security Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1402.v94c9ce464861","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:58:13.350575Z","id":"CVE-2026-57280","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1402.v94c9ce464861","matchCriteriaId":"3B2A92D1-EE7D-464B-954E-2CB5586A30D8"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3792","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57282","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:34.140","lastModified":"2026-06-26T20:20:29.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Git client Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.6.0","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:59:44.514464Z","id":"CVE-2026-57282","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"6.6.1","matchCriteriaId":"BF83CD5B-DBFA-411C-BF9B-D04D95C02D43"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3723","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57283","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:34.270","lastModified":"2026-06-26T20:20:12.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Pipeline: Groovy Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4331.v9d06ed4658ff","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:00:53.686945Z","id":"CVE-2026-57283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:pipeline\\:_groovy:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"4331.v9d06ed4658ff","matchCriteriaId":"B80BB2D5-E938-4601-AAAF-E377F623C888"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3677","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57284","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:34.363","lastModified":"2026-06-26T20:20:17.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Pipeline: Groovy Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4331.v9d06ed4658ff","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:59:08.756421Z","id":"CVE-2026-57284","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-470"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:pipeline\\:_groovy:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"4331.v9d06ed4658ff","matchCriteriaId":"B80BB2D5-E938-4601-AAAF-E377F623C888"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3677","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57285","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:34.450","lastModified":"2026-06-26T19:59:33.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins GitHub Branch Source Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1967.1969.v205fd594c821","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:02:01.068591Z","id":"CVE-2026-57285","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1967.1969.v205fd594c821","matchCriteriaId":"4DE8E19F-6254-4445-9509-846532CDC0E6"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3808","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57286","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:34.707","lastModified":"2026-06-26T19:09:45.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Git Parameter Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"462.vdcf3df2ed2ca_","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:10:49.851378Z","id":"CVE-2026-57286","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:git_parameter:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"462.vdcf3df2ed2ca","matchCriteriaId":"E9503BF5-6E97-417B-A823-43FF97B2B3AC"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3745","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57287","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:34.943","lastModified":"2026-06-26T19:09:34.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Job Configuration History Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1356.ve360da_6c523a_","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:12:08.713773Z","id":"CVE-2026-57287","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1356.ve360da_6c523a","matchCriteriaId":"2E355F6C-FEE8-4553-9A87-1AE7A7A88818"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57288","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.030","lastModified":"2026-06-26T19:08:54.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Active Directory Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.41.1","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:13:46.534006Z","id":"CVE-2026-57288","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:active_directory:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"2.41.2","matchCriteriaId":"6FE2C059-5052-4FCE-A5E8-86A26841B120"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3651","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57289","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.140","lastModified":"2026-06-26T19:59:46.020","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Bitbucket Push and Pull Request Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.3.8","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:15:12.385742Z","id":"CVE-2026-57289","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:bitbucket_push_and_pull_request:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"3.3.9","matchCriteriaId":"E2F8FAD7-B7B9-440C-B33A-E3EC756EAD1D"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3856","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57290","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.253","lastModified":"2026-06-26T19:08:03.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Priority Sorter Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"936.v2c01c6b_84449","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:11:20.363370Z","id":"CVE-2026-57290","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:priority_sorter:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"936.v2c01c6b_84449","matchCriteriaId":"07096959-650A-4FA0-AC30-E284ED34EA89"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3769","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57291","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.347","lastModified":"2026-06-25T14:01:47.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Gitee Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1288.v18b_deb_c9069b_","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:06:16.400479Z","id":"CVE-2026-57291","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3762%20(1)","source":"jenkinsci-cert@googlegroups.com"}]}},{"cve":{"id":"CVE-2026-57292","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.433","lastModified":"2026-06-25T14:01:47.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Gitee Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1288.v18b_deb_c9069b_","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:09:52.560807Z","id":"CVE-2026-57292","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3762%20(1)","source":"jenkinsci-cert@googlegroups.com"}]}},{"cve":{"id":"CVE-2026-57293","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.520","lastModified":"2026-06-25T14:01:47.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Gitee Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1288.v18b_deb_c9069b_","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:47:10.949753Z","id":"CVE-2026-57293","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3762%20(2)","source":"jenkinsci-cert@googlegroups.com"}]}},{"cve":{"id":"CVE-2026-57294","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.613","lastModified":"2026-06-26T19:07:28.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins EC2 Fleet Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.2.3.539.v8fedff2a_81c3","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:46:30.569141Z","id":"CVE-2026-57294","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:ec2_fleet:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"4.2.3.539.v8fedff2a_81c3","matchCriteriaId":"E211693D-24AF-4970-901C-B11493718DB2"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3774","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57295","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.703","lastModified":"2026-06-26T19:06:56.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins EC2 Fleet Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.2.3.539.v8fedff2a_81c3","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:16:32.312278Z","id":"CVE-2026-57295","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:ec2_fleet:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"4.2.3.539.v8fedff2a_81c3","matchCriteriaId":"E211693D-24AF-4970-901C-B11493718DB2"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3774","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57296","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.790","lastModified":"2026-06-25T14:01:47.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins External Workspace Manager Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.3.2","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:36:54.539819Z","id":"CVE-2026-57296","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3777","source":"jenkinsci-cert@googlegroups.com"}]}},{"cve":{"id":"CVE-2026-57298","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:35.970","lastModified":"2026-06-25T14:01:47.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Contrast Continuous Application Security Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.11","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:09:15.997522Z","id":"CVE-2026-57298","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3697%20(1)","source":"jenkinsci-cert@googlegroups.com"}]}},{"cve":{"id":"CVE-2026-57300","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.140","lastModified":"2026-06-26T19:06:34.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins MCP Server Plugin","defaultStatus":"affected","versions":[{"version":"0.172.174.v9f72da_90a_710","status":"unaffected"},{"version":"0.178.vffe5a_e770f3b_","lessThan":"*","versionType":"maven","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:35:38.690234Z","id":"CVE-2026-57300","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:mcp_server:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"0.177.v629fdb_2557fe","matchCriteriaId":"E83DF619-067F-4268-8FB7-9ECE6874A20C"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3759","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57301","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.230","lastModified":"2026-06-26T19:06:19.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins OWASP ZAP Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.0.7","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:31:00.492141Z","id":"CVE-2026-57301","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-610"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:official_owasp_zap:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.0.7","matchCriteriaId":"27D03468-FD15-4CF4-AC89-14588C0882A0"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3649","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57302","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.320","lastModified":"2026-06-26T19:05:54.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins FitNesse Plugin","defaultStatus":"unknown","versions":[{"version":"1.36","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:28:23.974738Z","id":"CVE-2026-57302","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-256"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:fitnesse:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.36","matchCriteriaId":"A9A99457-45B9-4255-BB61-E64DADD3CC47"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3555","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57303","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.407","lastModified":"2026-06-25T18:45:53.067","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Assembla Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.4","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:18:07.148541Z","id":"CVE-2026-57303","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:assembla:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.4","matchCriteriaId":"CF48857F-46D2-4BB3-A90E-EBF623FEBEBE"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3692%20(1)","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57304","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.497","lastModified":"2026-06-25T18:46:03.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Assembla Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.4","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:11:56.930062Z","id":"CVE-2026-57304","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:assembla:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.4","matchCriteriaId":"CF48857F-46D2-4BB3-A90E-EBF623FEBEBE"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3692%20(2)","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57305","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.593","lastModified":"2026-06-25T18:46:10.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Assembla Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.4","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:01:30.519242Z","id":"CVE-2026-57305","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:assembla:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.4","matchCriteriaId":"CF48857F-46D2-4BB3-A90E-EBF623FEBEBE"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3692%20(2)","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57306","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.680","lastModified":"2026-06-26T19:05:40.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Zowe zDevOps Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.1.3.50.ve350c9b_450b_1","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:00:26.664801Z","id":"CVE-2026-57306","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:zowe_zdevops:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.1.3.50.ve350c9b_450b_1","matchCriteriaId":"26D18D31-2A06-4A0C-B9EA-A20695A26F90"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3747","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57307","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-06-24T14:17:36.770","lastModified":"2026-06-26T19:05:28.687","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}],"affected":[{"source":"jenkinsci-cert@googlegroups.com","affectedData":[{"vendor":"Jenkins Project","product":"Jenkins Zowe zDevOps Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.1.3.50.ve350c9b_450b_1","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T13:57:29.860876Z","id":"CVE-2026-57307","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:zowe_zdevops:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.1.3.50.ve350c9b_450b_1","matchCriteriaId":"26D18D31-2A06-4A0C-B9EA-A20695A26F90"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3747","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12986","sourceIdentifier":"769c9ae7-73c3-4e47-ae19-903170fc3eb8","published":"2026-06-24T15:16:39.737","lastModified":"2026-06-25T20:11:34.393","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain.\n\nA Server-Side Request Forgery (SSRF) vulnerability in the DownloadServlet of the Admin GUI in Payara Server allows a remote attacker to exfiltrate the administrator's REST session token (gfresttoken) to an attacker-controlled host via a crafted request URL. Combined with the absence of CSRF protection on DownloadServlet, an unauthenticated attacker can trick a logged-in administrator into triggering the token leak, then replay the stolen token to gain full administrative access to the Payara domain, leading to arbitrary code execution via WAR deployment. The vulnerability exists in the DownloadServlet and associated ContentSource implementations (LogViewerContentSource, LogFilesContentSource, LBConfigContentSource, ClientStubsContentSource) within the admingui:console-common module."}],"affected":[{"source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8","affectedData":[{"vendor":"Payara","product":"Payara Server","defaultStatus":"affected","packageName":"org.glassfish.main.admingui:console-common","modules":["Admin GUI"],"platforms":["Windows","Linux","MacOS"],"repo":"https://github.com/payara/Payara/","versions":[{"version":"7.2025.1","lessThan":"7.2026.6","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.1.0","versionType":"semver","status":"affected"},{"version":"6.0.0","lessThan":"6.39.0","versionType":"semver","status":"affected"},{"version":"5.20.0","lessThan":"5.88.0","versionType":"semver","status":"affected"},{"version":"4.1.144","lessThan":"4.1.2.191.56","versionType":"custom","status":"affected"},{"version":"5.181","lessThanOrEqual":"5.201.2","versionType":"custom","status":"affected"},{"version":"5.2020.1","lessThanOrEqual":"5.2022.5","versionType":"custom","status":"affected"},{"version":"6.2023.1","lessThanOrEqual":"6.2025.11","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Amber","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:52:09.838012Z","id":"CVE-2026-12986","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8","type":"Secondary","description":[{"lang":"en","value":"CWE-352"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%207.2026.6.html","source":"769c9ae7-73c3-4e47-ae19-903170fc3eb8"}]}},{"cve":{"id":"CVE-2026-50698","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T15:16:40.873","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","Linux","MacOS"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:48:09.932212Z","id":"CVE-2026-50698","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/rufus","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/rufus","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50699","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T15:16:41.000","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","Linux","MacOS"],"versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:45:44.122490Z","id":"CVE-2026-50699","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/monkeys","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/monkeys","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49269","sourceIdentifier":"cve@mitre.org","published":"2026-06-24T16:16:30.410","lastModified":"2026-06-25T19:14:05.160","vulnStatus":"Awaiting Analysis","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that this behavior affects only legacy hardware and has already been addressed at the hardware level in current-generation Apple Silicon."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T16:05:48.776376Z","id":"CVE-2026-49269","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://gist.github.com/scndls/9cbe31f2b0b1578eaeb311e601335355","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-50700","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:30.897","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","Linux","MacOS"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:50:15.340970Z","id":"CVE-2026-50700","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/caligaris","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"}]}},{"cve":{"id":"CVE-2026-50701","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.007","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:49:49.712333Z","id":"CVE-2026-50701","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/nena","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"}]}},{"cve":{"id":"CVE-2026-50703","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.130","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:49:16.406474Z","id":"CVE-2026-50703","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/soja","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"}]}},{"cve":{"id":"CVE-2026-50704","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.247","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:48:15.033132Z","id":"CVE-2026-50704","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/molotov","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/molotov","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50705","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.377","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:47:32.423824Z","id":"CVE-2026-50705","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/aterciopelados","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/aterciopelados","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50708","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.507","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:45:53.899182Z","id":"CVE-2026-50708","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/extremoduro","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/extremoduro","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50709","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.630","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:44:56.401711Z","id":"CVE-2026-50709","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/journey","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/journey","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50710","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.747","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:43:45.566286Z","id":"CVE-2026-50710","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/sum41","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/sum41","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50711","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.857","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"repo":"https://github.com/frappe/frappe","versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:42:35.460125Z","id":"CVE-2026-50711","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/disturbed","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/disturbed","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50712","sourceIdentifier":"help@fluidattacks.com","published":"2026-06-24T16:16:31.970","lastModified":"2026-06-25T14:04:33.590","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component"}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"Frappe","product":"Frappe Framework","defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"versions":[{"version":"17.0.0-dev","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"help@fluidattacks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:38:16.877100Z","id":"CVE-2026-50712","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"help@fluidattacks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://fluidattacks.com/es/advisories/misfits","source":"help@fluidattacks.com"},{"url":"https://github.com/frappe/frappe","source":"help@fluidattacks.com"},{"url":"https://fluidattacks.com/es/advisories/misfits","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55488","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T16:16:32.793","lastModified":"2026-06-25T18:56:54.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"motionEye (mEye) is an online interface for a piece of software called \"motion,\" which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using `os.path.join()`. When an absolute path is supplied, Python discards the configured media directory and returns the attacker-supplied path directly. The application then bypasses Tornado's built-in path validation by overriding the relevant safety checks. As a result, an attacker can access files outside of the configured camera media directory, subject to the permissions of the motionEye process. Version 0.44.0 fixes the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"motioneye-project","product":"motioneye","versions":[{"version":"< 0.44.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T16:03:33.437165Z","id":"CVE-2026-55488","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rw9q-97r9-8gvh","source":"security-advisories@github.com"},{"url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rw9q-97r9-8gvh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56111","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T16:16:32.930","lastModified":"2026-06-25T19:25:23.370","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single crafted G-code command via USB serial, network interface, or malicious gcode file to write an attacker-controlled 32-bit float value past the z_values array bounds, corrupting adjacent firmware variables and causing denial of service or firmware state corruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"MarlinFirmware","product":"Marlin","defaultStatus":"affected","repo":"https://github.com/MarlinFirmware/Marlin","versions":[{"version":"0","lessThanOrEqual":"2.1.2.7","versionType":"custom","status":"affected"},{"version":"1f255d16ec2d456454fd444494cfb338d62b0fa1","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T15:52:16.839509Z","id":"CVE-2026-56111","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-129"}]}],"references":[{"url":"https://github.com/MarlinFirmware/Marlin/commit/1f255d16ec2d456454fd444494cfb338d62b0fa1","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MarlinFirmware/Marlin/issues/28467","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MarlinFirmware/Marlin/pull/28468","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/marlin-firmware-out-of-bounds-write-via-m421-g-code-handler","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56118","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T16:16:33.063","lastModified":"2026-06-24T16:16:33.063","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-56119","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T16:16:33.140","lastModified":"2026-06-24T16:16:33.140","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-13164","sourceIdentifier":"4daa8cea-433a-44bd-9456-53b127fc289a","published":"2026-06-24T17:16:56.847","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, because the endpoint applies the AllowAny permission with no email verification, CAPTCHA, or administrator approval. Any account created this way can read all email stored by the instance, resulting in full disclosure of stored messages to an arbitrary unauthenticated attacker"}],"affected":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","affectedData":[{"vendor":"Mailerup","product":"Mailerup","defaultStatus":"unaffected","repo":"https://github.com/Maalfer/mailerup","versions":[{"version":"0","lessThan":"1.0.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T16:42:15.974524Z","id":"CVE-2026-13164","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"4daa8cea-433a-44bd-9456-53b127fc289a","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/Maalfer/mailerup/commit/99eb6d4586134bf3f4422093fbf47d6794ef0ee5","source":"4daa8cea-433a-44bd-9456-53b127fc289a"},{"url":"https://secur0.com/en/cna/cve-list/cve-2026-13164-unauthenticated-self-registration-in-mailerup-allows-access-to-stored-email-data","source":"4daa8cea-433a-44bd-9456-53b127fc289a"}]}},{"cve":{"id":"CVE-2026-53047","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:16.533","lastModified":"2026-06-24T17:17:16.533","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect sizeof in phys array reallocation\n\nThe krealloc() call for cap_info->phys in __efi_capsule_setup_info() uses\nsizeof(phys_addr_t *) instead of sizeof(phys_addr_t), which might be\ncausing an undersized allocation.\n\nThe allocation is also inconsistent with the initial array allocation in\nefi_capsule_open() that allocates one entry with sizeof(phys_addr_t),\nand the efi_capsule_write() function that stores phys_addr_t values (not\npointers) via page_to_phys().\n\nOn 64-bit systems where sizeof(phys_addr_t) == sizeof(phys_addr_t *), this\ngoes unnoticed. On 32-bit systems with PAE where phys_addr_t is 64-bit but\npointers are 32-bit, this allocates half the required space, which might\nlead to a heap buffer overflow when storing physical addresses.\n\nThis is similar to the bug fixed in commit fccfa646ef36 (\"efi/capsule-loader:\nfix incorrect allocation size\") which fixed the same issue at the initial\nallocation site."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/firmware/efi/capsule-loader.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"22022cd8851703a58f67615a17bc7e9e8682785b","versionType":"git","status":"affected"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"67adde6bfdfd563a54b045d59aeb9a2d90c80697","versionType":"git","status":"affected"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"608e1f7bc9d171ab26c1fba288c97fc76363c27d","versionType":"git","status":"affected"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"8be69e9245f805566bac68ffc8574b64735fd996","versionType":"git","status":"affected"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"5e185330d902b12fe8e6eb4b8514b5d736d8d66d","versionType":"git","status":"affected"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"e0e6b14995fd6fa2c0df8c712d76ab32f0694c31","versionType":"git","status":"affected"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"ab3f7098a3a27175b91cfc947950f5c26855801b","versionType":"git","status":"affected"},{"version":"f24c4d478013d82bd1b943df566fff3561d52864","lessThan":"48a428215782321b56956974f23593e40ce84b7a","versionType":"git","status":"affected"},{"version":"95a362c9a6892085f714eb6e31eea6a0e3aa93bf","versionType":"git","status":"affected"},{"version":"4.14.13","lessThan":"4.15","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/firmware/efi/capsule-loader.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/22022cd8851703a58f67615a17bc7e9e8682785b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/48a428215782321b56956974f23593e40ce84b7a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5e185330d902b12fe8e6eb4b8514b5d736d8d66d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/608e1f7bc9d171ab26c1fba288c97fc76363c27d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/67adde6bfdfd563a54b045d59aeb9a2d90c80697","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8be69e9245f805566bac68ffc8574b64735fd996","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ab3f7098a3a27175b91cfc947950f5c26855801b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e0e6b14995fd6fa2c0df8c712d76ab32f0694c31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53048","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:16.660","lastModified":"2026-06-24T17:17:16.660","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: prevent NULL pointer dereference during unmount\n\nWhen flushing out outstanding glock work during an unmount, gfs2_log_flush()\ncan be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc\nis NULL.  Commit 35264909e9d1 (\"gfs2: Fix NULL pointer dereference in\ngfs2_log_flush\") added a check for that to gfs2_log_flush() itself, but it\nmissed the sdp->sd_jdesc dereference in gfs2_log_release().  Fix that."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/gfs2/log.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c3c5cfa3170c0940bc66a142859caac07d19b9d6","lessThan":"cec55674354794eddb80b914f73a6bf9b7fc304a","versionType":"git","status":"affected"},{"version":"5f6a84cfb33b34610623857bd93919dcb661e29b","lessThan":"2fc4c868c9060f424fd4a7cacb0aec5082aba4de","versionType":"git","status":"affected"},{"version":"3429ef5f50909cee9e498c50f0c499b9397116ce","lessThan":"233a0945a4b1dbe3f38c30afb7d05b76c67f1193","versionType":"git","status":"affected"},{"version":"35264909e9d1973ab9aaa2a1b07cda70f12bb828","lessThan":"e15f16761594e80b15776980b27c35477655a135","versionType":"git","status":"affected"},{"version":"35264909e9d1973ab9aaa2a1b07cda70f12bb828","lessThan":"d8ffae016c4a78693fe1283335d0b6833a9c1366","versionType":"git","status":"affected"},{"version":"35264909e9d1973ab9aaa2a1b07cda70f12bb828","lessThan":"abd73229f0e886a91a16ea781ab656bd9b4d1ee8","versionType":"git","status":"affected"},{"version":"35264909e9d1973ab9aaa2a1b07cda70f12bb828","lessThan":"74b4dbb946060a3233604d91859a9abd3708141d","versionType":"git","status":"affected"},{"version":"f54f9d5368a4e92ede7dd078a62788dae3a7c6ef","versionType":"git","status":"affected"},{"version":"5.15.200","lessThan":"5.15.209","versionType":"semver","status":"affected"},{"version":"6.1.162","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"6.6.37","lessThan":"6.6.141","versionType":"semver","status":"affected"},{"version":"6.9.8","lessThan":"6.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/gfs2/log.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/233a0945a4b1dbe3f38c30afb7d05b76c67f1193","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2fc4c868c9060f424fd4a7cacb0aec5082aba4de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/74b4dbb946060a3233604d91859a9abd3708141d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/abd73229f0e886a91a16ea781ab656bd9b4d1ee8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cec55674354794eddb80b914f73a6bf9b7fc304a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d8ffae016c4a78693fe1283335d0b6833a9c1366","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e15f16761594e80b15776980b27c35477655a135","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53051","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:17.083","lastModified":"2026-06-24T17:17:17.083","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: tegra194: Fix CBB timeout caused by DBI access before core power-on\n\nWhen PERST# is deasserted twice (assert -> deassert -> assert -> deassert),\na CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc\n(PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify()\nand dw_pcie_ep_cleanup() are called before reset_control_deassert() powers\non the controller core.\n\nThe call chain that causes the timeout:\n\n  pex_ep_event_pex_rst_deassert()\n    pci_epc_deinit_notify()\n      pci_epf_test_epc_deinit()\n        pci_epf_test_clear_bar()\n          pci_epc_clear_bar()\n            dw_pcie_ep_clear_bar()\n              __dw_pcie_ep_reset_bar()\n                dw_pcie_dbi_ro_wr_en()      <- Accesses 0x8bc DBI register\n    reset_control_deassert(pcie->core_rst)  <- Core powered on HERE\n\nThe DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only\naccessible after the controller core is powered on via\nreset_control_deassert(pcie->core_rst). Accessing them before this point\nresults in a CBB timeout because the hardware is not yet operational.\n\nFix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to\nafter reset_control_deassert(pcie->core_rst), ensuring the controller is\nfully powered on before any DBI register accesses occur."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pci/controller/dwc/pcie-tegra194.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"72034050ccf4202cd6558b0afd2474f756ea3b9b","lessThan":"010983063a806720b45778d191335f8ea864fea3","versionType":"git","status":"affected"},{"version":"40e2125381dc11379112485e3eefdd25c6df5375","lessThan":"b059a41bdd5b202b2b9d7708403fb43c69689e53","versionType":"git","status":"affected"},{"version":"40e2125381dc11379112485e3eefdd25c6df5375","lessThan":"ce899f9c019591b73ef84b9afa332ed53beece25","versionType":"git","status":"affected"},{"version":"40e2125381dc11379112485e3eefdd25c6df5375","lessThan":"34b3eef48d980cd37b876e128bbf314f69fb5d70","versionType":"git","status":"affected"},{"version":"70212c2300971506e986d95000d2745529cac9d7","versionType":"git","status":"affected"},{"version":"6.12.2","lessThan":"6.12.91","versionType":"semver","status":"affected"},{"version":"6.11.11","lessThan":"6.12","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pci/controller/dwc/pcie-tegra194.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/010983063a806720b45778d191335f8ea864fea3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/34b3eef48d980cd37b876e128bbf314f69fb5d70","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b059a41bdd5b202b2b9d7708403fb43c69689e53","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ce899f9c019591b73ef84b9afa332ed53beece25","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53052","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:17.200","lastModified":"2026-06-24T17:17:17.200","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: qdsp6: topology: check widget type before accessing data\n\nCheck widget type before accessing the private data, as this could a\nvirtual widget which is no associated with a dsp graph, container and\nmodule. Accessing witout check could lead to incorrect memory access."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["sound/soc/qcom/qdsp6/topology.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"36ad9bf1d93d66b901342eab9f8ed6c1537655a6","lessThan":"8e8cd78b6000c9d19db249a5a68287158f288ef3","versionType":"git","status":"affected"},{"version":"36ad9bf1d93d66b901342eab9f8ed6c1537655a6","lessThan":"1ac96689ce2984f4f6ef8892fcb65da377408421","versionType":"git","status":"affected"},{"version":"36ad9bf1d93d66b901342eab9f8ed6c1537655a6","lessThan":"296810e91f21a21794886c57f954495d8afd7f32","versionType":"git","status":"affected"},{"version":"36ad9bf1d93d66b901342eab9f8ed6c1537655a6","lessThan":"a1a24d4b8c9682f9b7a9138f636ff004c721aef1","versionType":"git","status":"affected"},{"version":"36ad9bf1d93d66b901342eab9f8ed6c1537655a6","lessThan":"6d2491a585202a967ed91f30ec5960024f2536d0","versionType":"git","status":"affected"},{"version":"36ad9bf1d93d66b901342eab9f8ed6c1537655a6","lessThan":"d5bfdd28e0cdd45043ae6e0ac168a451d59283dc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["sound/soc/qcom/qdsp6/topology.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1ac96689ce2984f4f6ef8892fcb65da377408421","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/296810e91f21a21794886c57f954495d8afd7f32","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6d2491a585202a967ed91f30ec5960024f2536d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8e8cd78b6000c9d19db249a5a68287158f288ef3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a1a24d4b8c9682f9b7a9138f636ff004c721aef1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d5bfdd28e0cdd45043ae6e0ac168a451d59283dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53056","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:17.663","lastModified":"2026-06-24T17:17:17.663","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: fix mismatch between power and frequency\n\nDuring DPU runtime suspend, calling dev_pm_opp_set_rate(dev, 0) drops\nthe MMCX rail to MIN_SVS while the core clock frequency remains at its\noriginal (highest) rate. When runtime resume re-enables the clock, this\nmay result in a mismatch between the rail voltage and the clock rate.\n\nFor example, in the DPU bind path, the sequence could be:\n  cpu0: dev_sync_state -> rpmhpd_sync_state\n  cpu1:                                     dpu_kms_hw_init\ntimeline 0 ------------------------------------------------> t\n\nAfter rpmhpd_sync_state, the voltage performance is no longer guaranteed\nto stay at the highest level. During dpu_kms_hw_init, calling\ndev_pm_opp_set_rate(dev, 0) drops the voltage, causing the MMCX rail to\nfall to MIN_SVS while the core clock is still at its maximum frequency.\nWhen the power is re-enabled, only the clock is enabled, leading to a\nsituation where the MMCX rail is at MIN_SVS but the core clock is at its\nhighest rate. In this state, the rail cannot sustain the clock rate,\nwhich may cause instability or system crash.\n\nRemove the call to dev_pm_opp_set_rate(dev, 0) from dpu_runtime_suspend\nto ensure the correct vote is restored when DPU resumes.\n\nPatchwork: https://patchwork.freedesktop.org/patch/710077/"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b0530eb1191307e9038d75e5c83973a396137681","lessThan":"1181a7028d37e0b1e720a36125a03f5db97e3d27","versionType":"git","status":"affected"},{"version":"b0530eb1191307e9038d75e5c83973a396137681","lessThan":"9830999c9e065c1813ec5435bfe4eab98ee54a87","versionType":"git","status":"affected"},{"version":"b0530eb1191307e9038d75e5c83973a396137681","lessThan":"c5735c7d0eef7a5240f9c1c66e44ba52a1be58d6","versionType":"git","status":"affected"},{"version":"b0530eb1191307e9038d75e5c83973a396137681","lessThan":"0f7dd5839cfabaf9c007fb718ec66e907a473c93","versionType":"git","status":"affected"},{"version":"b0530eb1191307e9038d75e5c83973a396137681","lessThan":"0ccf4f27b4652570b5de3de02a89a86435559de9","versionType":"git","status":"affected"},{"version":"b0530eb1191307e9038d75e5c83973a396137681","lessThan":"bc1dccc518cc5ab5140fba06c27e7188e0ed342b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0ccf4f27b4652570b5de3de02a89a86435559de9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/0f7dd5839cfabaf9c007fb718ec66e907a473c93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1181a7028d37e0b1e720a36125a03f5db97e3d27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9830999c9e065c1813ec5435bfe4eab98ee54a87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bc1dccc518cc5ab5140fba06c27e7188e0ed342b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c5735c7d0eef7a5240f9c1c66e44ba52a1be58d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53058","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:18.170","lastModified":"2026-06-24T17:17:18.170","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable()\n\nIn case if we get errors in cdns_mhdp_link_up() or cdns_mhdp_reg_read()\nin atomic_enable, we will go to cdns_mhdp_modeset_retry_fn() and will hit\nNULL pointer while trying to access the mutex. We need the connector to\nbe set before that. Unlike in legacy cases with flag\n!DRM_BRIDGE_ATTACH_NO_CONNECTOR, we do not have connector initialised\nin bridge_attach(), so add the mhdp->connector_ptr in device structure\nto handle both cases with DRM_BRIDGE_ATTACH_NO_CONNECTOR and\n!DRM_BRIDGE_ATTACH_NO_CONNECTOR, set it in atomic_enable() earlier to\navoid possible NULL pointer dereference in recovery paths like\nmodeset_retry_fn() with the DRM_BRIDGE_ATTACH_NO_CONNECTOR flag set."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c","drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.h","drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-hdcp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c932ced6b58524eeb948ff252f6512cd6bcb9d9f","lessThan":"5302015daf26ef6b48e067f2b86c9482ac19e015","versionType":"git","status":"affected"},{"version":"c932ced6b58524eeb948ff252f6512cd6bcb9d9f","lessThan":"a3611554e599d1a24b45fd8415bacb72ce861e4b","versionType":"git","status":"affected"},{"version":"c932ced6b58524eeb948ff252f6512cd6bcb9d9f","lessThan":"cf2ac2cac8b319f89b3a3851ca0c5ffb6a549575","versionType":"git","status":"affected"},{"version":"c932ced6b58524eeb948ff252f6512cd6bcb9d9f","lessThan":"1af3b42e08a957e53bab8e1897393fe0a27d9fbf","versionType":"git","status":"affected"},{"version":"c932ced6b58524eeb948ff252f6512cd6bcb9d9f","lessThan":"43d6508ddbf9fb974fbc359a033154f78c9d4c8b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c","drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.h","drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-hdcp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1af3b42e08a957e53bab8e1897393fe0a27d9fbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/43d6508ddbf9fb974fbc359a033154f78c9d4c8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5302015daf26ef6b48e067f2b86c9482ac19e015","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a3611554e599d1a24b45fd8415bacb72ce861e4b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cf2ac2cac8b319f89b3a3851ca0c5ffb6a549575","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53060","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:18.717","lastModified":"2026-06-24T17:17:18.717","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache metadata: fix memory leak on metadata abort retry\n\nWhen failing to acquire the root_lock in dm_cache_metadata_abort because\nthe block_manager is read-only, the temporary block_manager created\noutside the root_lock is not properly released, causing a memory leak.\n\nReproduce steps:\n\nThis can be reproduced by reloading a new table while the metadata\nis read-only. While the second call to dm_cache_metadata_abort is\ncaused by lack of support for table preload in dm-cache, mentioned\nin commit 9b1cc9f251af (\"dm cache: share cache-metadata object across\ninactive and active DM tables\"), it exposes the memory leak in\ndm_cache_metadata_abort when the function is called multiple times.\nSpecifically, dm-cache fails to sync the new cache object's mode during\npreresume, creating the reproducer condition.\n\nThis issue could also occur through concurrent metadata_operation_failed\ncalls due to races in cache mode updates, but the table preload scenario\nbelow provides a reliable reproducer.\n\n1. Create a cache device with some faulty trailing metadata blocks\n\ndmsetup create cmeta <<EOF\n0 200 linear /dev/sdc 0\n200 7992 error\nEOF\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 131072 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 1 writethrough smq 0\"\n\n2. Suspend and resume the cache to start a new metadata transaction and\n   trigger metadata io errors on the next metadata commit.\n\ndmsetup suspend cache\ndmsetup resume cache\n\n3. Write to the cache device to update metadata\n\nfio --filename=/dev/mapper/cache --name test --rw=randwrite --bs=4k \\\n--randrepeat=0 --direct=1 --size 64k\n\n4. Preload the same table\n\ndmsetup reload cache --table \"$(dmsetup table cache)\"\n\n5. Resume the new table. This triggers the memory leak.\n\ndmsetup suspend cache\ndmsetup resume cache\n\nkmemleak logs:\n\n<snip>\nunreferenced object 0xffff8880080c2010 (size 16):\n  comm \"dmsetup\", pid 132, jiffies 4294982580\n  hex dump (first 16 bytes):\n    00 38 b9 07 80 88 ff ff 6a 6b 6b 6b 6b 6b 6b a5 ...\n  backtrace (crc 3118f31c):\n    kmemleak_alloc+0x28/0x40\n    __kmalloc_cache_noprof+0x3d9/0x510\n    dm_block_manager_create+0x51/0x140\n    dm_cache_metadata_abort+0x85/0x320\n    metadata_operation_failed+0x103/0x1e0\n    cache_preresume+0xacd/0xe70\n    dm_table_resume_targets+0xd3/0x320\n    __dm_resume+0x1b/0xf0\n    dm_resume+0x127/0x170\n<snip>"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-cache-metadata.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b45e77b79215405bd039a690f5b06cc03e8ed27d","lessThan":"14f60e957f34f95a626caec76a8fae88cf4c397f","versionType":"git","status":"affected"},{"version":"28d307f380df88a598bc0186d527462902d9bda1","lessThan":"6b97cc7a42905755c56bbddc33aa8b792205caee","versionType":"git","status":"affected"},{"version":"f74b7c5a85e22cd9091845e0d62a1dd89d0f855f","lessThan":"d1a79620c419a0af1911f99c873014b30740e303","versionType":"git","status":"affected"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"15c30997dca681f90dbf2d45ee629c1828bf0c0d","versionType":"git","status":"affected"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"b0bd35535bdb6f58505f3a30ee5793986943997a","versionType":"git","status":"affected"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"322a3b70368d49e39591fe9fc6c07d262128b05f","versionType":"git","status":"affected"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"4311ca59a1891d33c4c8b7946f98c34f167fe833","versionType":"git","status":"affected"},{"version":"352b837a5541690d4f843819028cf2b8be83d424","lessThan":"044ca491d4086dc5bf233e9fcb71db52df32f633","versionType":"git","status":"affected"},{"version":"6e237cacda8b4e976849e7bff9fe7dff0e968586","versionType":"git","status":"affected"},{"version":"3972ae47d0ee9b5b434af5d0cca6cdfd1e239d4f","versionType":"git","status":"affected"},{"version":"9958f5ffc44530b650fb4cc9038a4d167fa4f5c1","versionType":"git","status":"affected"},{"version":"f472bfc95d9c9653172dbdad39219b32fabf9b92","versionType":"git","status":"affected"},{"version":"bdd4e106929ac943f3226d8f03754b480701e97b","versionType":"git","status":"affected"},{"version":"5.10.163","lessThan":"5.10.258","versionType":"semver","status":"affected"},{"version":"5.15.87","lessThan":"5.15.209","versionType":"semver","status":"affected"},{"version":"6.1.4","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"4.9.337","lessThan":"4.10","versionType":"semver","status":"affected"},{"version":"4.14.303","lessThan":"4.15","versionType":"semver","status":"affected"},{"version":"4.19.270","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.229","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"6.0.18","lessThan":"6.1","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-cache-metadata.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/044ca491d4086dc5bf233e9fcb71db52df32f633","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/14f60e957f34f95a626caec76a8fae88cf4c397f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/15c30997dca681f90dbf2d45ee629c1828bf0c0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/322a3b70368d49e39591fe9fc6c07d262128b05f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4311ca59a1891d33c4c8b7946f98c34f167fe833","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6b97cc7a42905755c56bbddc33aa8b792205caee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b0bd35535bdb6f58505f3a30ee5793986943997a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d1a79620c419a0af1911f99c873014b30740e303","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53061","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:18.880","lastModified":"2026-06-24T17:17:18.880","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix dirty mapping checking in passthrough mode switching\n\nAs mentioned in commit 9b1cc9f251af (\"dm cache: share cache-metadata\nobject across inactive and active DM tables\"), dm-cache assumed table\nreload occurs after suspension, while LVM's table preload breaks this\nassumption. The dirty mapping check for passthrough mode was designed\naround this assumption and is performed during table creation, causing\nthe check to fail with preload while metadata updates are ongoing. This\nrisks loading dirty mappings into passthrough mode, resulting in data\nloss.\n\nReproduce steps:\n\n1. Create a writeback cache with zero migration_threshold to produce\n   dirty mappings\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 262144 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writeback smq \\\n2 migration_threshold 0\"\n\n2. Preload a table in passthrough mode\n\ndmsetup reload cache --table \"0 262144 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 passthrough smq 0\"\n\n3. Write to the first cache block to make it dirty\n\nfio --filename=/dev/mapper/cache --name=populate --rw=write --bs=4k \\\n--direct=1 --size=64k\n\n4. Resume the inactive table. Now it's possible to load the dirty block\n   into passthrough mode.\n\ndmsetup resume cache\n\nFix by moving the checks to the preresume phase to support table\npreloading. Also remove the unused function dm_cache_metadata_all_clean."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-cache-metadata.c","drivers/md/dm-cache-metadata.h","drivers/md/dm-cache-target.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"c2e86f647561fcf5e1c6eba7d75e9e0c4299c94d","versionType":"git","status":"affected"},{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"5c98a3f1d7a554c9e920aa31daf92af6b5bbb8cc","versionType":"git","status":"affected"},{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"1443c32f24d6d8bcdf4beceef2afc09290b98717","versionType":"git","status":"affected"},{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"12105c7f18375d7615dad7605d89eadae7eb12a6","versionType":"git","status":"affected"},{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"bd5a2c1018938e6b32670728bdb32a3f0efff00f","versionType":"git","status":"affected"},{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"21c503d60a257e54ca3ac58e2721bd24501d5bde","versionType":"git","status":"affected"},{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"01b22656d8a68dbeae59f8b80866e7b11936b20a","versionType":"git","status":"affected"},{"version":"2ee57d587357f0d752af6c2e3e46434a74b1bee3","lessThan":"322586745bd1a0e5f3559fd1635fdeb4dbd1d6b8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-cache-metadata.c","drivers/md/dm-cache-metadata.h","drivers/md/dm-cache-target.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/01b22656d8a68dbeae59f8b80866e7b11936b20a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/12105c7f18375d7615dad7605d89eadae7eb12a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1443c32f24d6d8bcdf4beceef2afc09290b98717","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/21c503d60a257e54ca3ac58e2721bd24501d5bde","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/322586745bd1a0e5f3559fd1635fdeb4dbd1d6b8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5c98a3f1d7a554c9e920aa31daf92af6b5bbb8cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bd5a2c1018938e6b32670728bdb32a3f0efff00f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c2e86f647561fcf5e1c6eba7d75e9e0c4299c94d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53063","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:19.173","lastModified":"2026-06-24T17:17:19.173","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix write hang in passthrough mode\n\nThe invalidate_remove() function has incomplete logic for handling write\nhit bios after cache invalidation. It sets up the remapping for the\noverwrite_bio but then drops it immediately without submission, causing\nwrite operations to hang.\n\nFix by adding a new invalidate_committed() continuation that submits\nthe remapped writes to the cache origin after metadata commit completes,\nwhile using the overwrite_endio hook to ensure proper completion\nsequencing. This maintains existing coherency. Also improve error\nhandling in invalidate_complete() to preserve the original error status\ninstead of using bio_io_error() unconditionally."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-cache-target.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"9fa18d0b981776b190ca4632942a7c2174052b78","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"ecb10c193cbebf5e6984246a9b4ff1f95d45ed87","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"64d6519b00be4116d365bd31f33a5e5ce2944c1a","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"b8ace9e96983abb20ccf39edce8a60f1bb0b83d8","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"05798d091ebcfb6d68228890e593f209e8ac940d","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"4ca8b8bd952df7c3ccdc68af9bd3419d0839a04b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-cache-target.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/05798d091ebcfb6d68228890e593f209e8ac940d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4ca8b8bd952df7c3ccdc68af9bd3419d0839a04b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/64d6519b00be4116d365bd31f33a5e5ce2944c1a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9fa18d0b981776b190ca4632942a7c2174052b78","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b8ace9e96983abb20ccf39edce8a60f1bb0b83d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ecb10c193cbebf5e6984246a9b4ff1f95d45ed87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53064","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:19.320","lastModified":"2026-06-24T17:17:19.320","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix null-deref with concurrent writes in passthrough mode\n\nIn passthrough mode, when dm-cache starts to invalidate a cache\nentry and bio prison cell lock fails due to concurrent write to\nthe same cached block, mg->cell remains NULL. The error path in\ninvalidate_complete() attempts to unlock and free the cell\nunconditionally, causing a NULL pointer dereference:\n\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 0 UID: 0 PID: 134 Comm: fio Not tainted 6.19.0-rc7 #3 PREEMPT\nRIP: 0010:dm_cell_unlock_v2+0x3f/0x210\n<snip>\nCall Trace:\n invalidate_complete+0xef/0x430\n map_bio+0x130f/0x1a10\n cache_map+0x320/0x6b0\n __map_bio+0x458/0x510\n dm_submit_bio+0x40e/0x16d0\n __submit_bio+0x419/0x870\n<snip>\n\nReproduce steps:\n\n1. Create a cache device\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 262144 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. Promote the first data block into cache\n\nfio --filename=/dev/mapper/cache --name=populate --rw=write --bs=4k \\\n--direct=1 --size=64k\n\n3. Reload the cache into passthrough mode\n\ndmsetup suspend cache\ndmsetup reload cache --table \"0 262144 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 passthrough smq 0\"\ndmsetup resume cache\n\n4. Write to the first cached block concurrently\n\nfio --filename=/dev/mapper/cache --name test --rw=randwrite --bs=4k \\\n--randrepeat=0 --direct=1 --numjobs=2 --size 64k\n\nFix by checking if mg->cell is valid before attempting to unlock it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-cache-target.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"01264a6a3a3ad7ac1d73443299cd5a9568002454","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"ee38fb00e1a80f46a4990e38f25ecb04ae7b7417","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"c7fb6bc864c4910b344dafa36dd5028e9b980768","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"0aa745fea1f8dc81bcdd0a45e215b6706727b482","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"a2635d541a93fd111e743cf14b6275dc81be2abc","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"25dcc1989c194ba2b5fb6d03cbb9b83814ac0d15","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"df3b8ef06cc62de4fca5d2108e285085b3cffd44","versionType":"git","status":"affected"},{"version":"b29d4986d0da1a27cd35917cdb433672f5c95d7f","lessThan":"7d1f98d668ee34c1d15bdc0420fdd062f24a27c0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-cache-target.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/01264a6a3a3ad7ac1d73443299cd5a9568002454","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/0aa745fea1f8dc81bcdd0a45e215b6706727b482","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/25dcc1989c194ba2b5fb6d03cbb9b83814ac0d15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7d1f98d668ee34c1d15bdc0420fdd062f24a27c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a2635d541a93fd111e743cf14b6275dc81be2abc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c7fb6bc864c4910b344dafa36dd5028e9b980768","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/df3b8ef06cc62de4fca5d2108e285085b3cffd44","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ee38fb00e1a80f46a4990e38f25ecb04ae7b7417","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53065","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:19.490","lastModified":"2026-06-24T17:17:19.490","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sti: use managed regmap_field allocations\n\nThe regmap_field objects allocated at player init are never freed and\nmay leak resources if the driver is removed.\n\nSwitch to devm_regmap_field_alloc() to automatically limit the lifetime\nof the allocations the lifetime of the device."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["sound/soc/sti/uniperif_player.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"4b8dba4527727623a97948aff9f0969a14c203a9","versionType":"git","status":"affected"},{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"c3af3bcfc1deb3b230cc266a2ac75bca8f4dfba9","versionType":"git","status":"affected"},{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"43b67761d486d719128e164536e58de5a81dff9b","versionType":"git","status":"affected"},{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"002a5f925d42eca8ad547e55a4ae22714cfe9dec","versionType":"git","status":"affected"},{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"9641071e3a8e0bc664477a0e54db5f9815f0fb79","versionType":"git","status":"affected"},{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"a3f3c332882c98ae7553af372191116d1384ca52","versionType":"git","status":"affected"},{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"7422a11a753daacbc2409513cf65e1de0d17c291","versionType":"git","status":"affected"},{"version":"76c2145ded6b83488dec4afc46a29a57cee90552","lessThan":"1696fad8b259a2d46e51cd6e17e4bcdbe02279fa","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["sound/soc/sti/uniperif_player.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.3","status":"affected"},{"version":"0","lessThan":"4.3","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/002a5f925d42eca8ad547e55a4ae22714cfe9dec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1696fad8b259a2d46e51cd6e17e4bcdbe02279fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/43b67761d486d719128e164536e58de5a81dff9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4b8dba4527727623a97948aff9f0969a14c203a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7422a11a753daacbc2409513cf65e1de0d17c291","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9641071e3a8e0bc664477a0e54db5f9815f0fb79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a3f3c332882c98ae7553af372191116d1384ca52","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c3af3bcfc1deb3b230cc266a2ac75bca8f4dfba9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53066","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:19.647","lastModified":"2026-06-24T17:17:19.647","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sun4i: backend: fix error pointer dereference\n\nThe function drm_atomic_get_plane_state() can return an error pointer\nand is not checked for it. Add error pointer check.\n\nDetected by Smatch:\ndrivers/gpu/drm/sun4i/sun4i_backend.c:496 sun4i_backend_atomic_check() error:\n'plane_state' dereferencing possible ERR_PTR()"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/sun4i/sun4i_backend.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"96180dde23b799272ab2e7d47210c8840799d0d2","lessThan":"ea51fd96aca01381e8f1ac0c671a57b7619193bb","versionType":"git","status":"affected"},{"version":"96180dde23b799272ab2e7d47210c8840799d0d2","lessThan":"cf615b90a11a39a28e313be5e508e94bcde72016","versionType":"git","status":"affected"},{"version":"96180dde23b799272ab2e7d47210c8840799d0d2","lessThan":"779c2f10743fc021f2f0ebe2b188cadfb973c5e4","versionType":"git","status":"affected"},{"version":"96180dde23b799272ab2e7d47210c8840799d0d2","lessThan":"47038159c559824f4dbfb5b0d87b9b3416663372","versionType":"git","status":"affected"},{"version":"96180dde23b799272ab2e7d47210c8840799d0d2","lessThan":"e9bef62f1bb9fcb38223730657af20f4c6283c16","versionType":"git","status":"affected"},{"version":"96180dde23b799272ab2e7d47210c8840799d0d2","lessThan":"06277983eca4a31d3c2114fa33d99a6e82484b11","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/sun4i/sun4i_backend.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/06277983eca4a31d3c2114fa33d99a6e82484b11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/47038159c559824f4dbfb5b0d87b9b3416663372","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/779c2f10743fc021f2f0ebe2b188cadfb973c5e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cf615b90a11a39a28e313be5e508e94bcde72016","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e9bef62f1bb9fcb38223730657af20f4c6283c16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ea51fd96aca01381e8f1ac0c671a57b7619193bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53067","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:19.780","lastModified":"2026-06-24T17:17:19.780","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-ep-msi: Fix error unwind and prevent double alloc\n\npci_epf_alloc_doorbell() stores the allocated doorbell message array in\nepf->db_msg/epf->num_db before requesting MSI vectors. If MSI allocation\nfails, the array is freed but the EPF state may still point to freed\nmemory.\n\nClear epf->db_msg and epf->num_db on the MSI allocation failure path so\nthat later cleanup cannot double-free the array and callers can retry\nallocation.\n\nAlso return -EBUSY when doorbells have already been allocated to prevent\nleaking or overwriting an existing allocation."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pci/endpoint/pci-ep-msi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1c3b002c6bf684b445a7107609979bca5f21bc03","lessThan":"175717cfc06cab79f84cd037d66dda1b8564cd9e","versionType":"git","status":"affected"},{"version":"1c3b002c6bf684b445a7107609979bca5f21bc03","lessThan":"3c25587fbf8797b92090b064a6d239a873e55fb1","versionType":"git","status":"affected"},{"version":"1c3b002c6bf684b445a7107609979bca5f21bc03","lessThan":"1cba96c0a795124c3229293ed7b5b5765e66f259","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pci/endpoint/pci-ep-msi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/175717cfc06cab79f84cd037d66dda1b8564cd9e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1cba96c0a795124c3229293ed7b5b5765e66f259","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3c25587fbf8797b92090b064a6d239a873e55fb1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53073","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.163","lastModified":"2026-06-24T17:17:21.163","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error\n\nWhen hci_register_dev() fails in hci_uart_register_dev()\nHCI_UART_PROTO_INIT is not cleared before calling hu->proto->close(hu)\nand setting hu->hdev to NULL. This means incoming UART data will reach\nthe protocol-specific recv handler in hci_uart_tty_receive() after\nresources are freed.\n\nClear HCI_UART_PROTO_INIT with a write lock before calling\nhu->proto->close() and setting hu->hdev to NULL. The write lock ensures\nall active readers have completed and no new reader can enter the\nprotocol recv path before resources are freed.\n\nThis allows the protocol-specific recv functions to remove the\n\"HCI_UART_REGISTERED\" guard without risking a null pointer dereference\nif hci_register_dev() fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/bluetooth/hci_ldisc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a40f94f7caa8d3421b64f63ac31bc0f24c890f39","lessThan":"ebb39b2d81731b83ee71a1ba6dd0291a57b5ac07","versionType":"git","status":"affected"},{"version":"9e5a0f5777162e503400c70c6ed25fbbe2d38799","lessThan":"ed4033fb85ccaaf6c3983be3c7b037e48253d232","versionType":"git","status":"affected"},{"version":"80f14e9de6a43a0bd8194cad1003a3e6dcbc3984","lessThan":"356dee1bcac4d0d9152390561fa63331ebff211b","versionType":"git","status":"affected"},{"version":"02e1bcdfdf769974e7e9fa285e295cd9852e2a38","lessThan":"a673cf6c4ac702cb79ac1f4d7fc4de763a6a3e40","versionType":"git","status":"affected"},{"version":"281782d2c6730241e300d630bb9f200d831ede71","lessThan":"f4b69c35813c432973d340d3600c01de106ed474","versionType":"git","status":"affected"},{"version":"5df5dafc171b90d0b8d51547a82657cd5a1986c7","lessThan":"3daa5818e473ed60eb69d8b5c71b651909d28c5a","versionType":"git","status":"affected"},{"version":"5df5dafc171b90d0b8d51547a82657cd5a1986c7","lessThan":"194f029a4d7f739e44ebc1f473120187b4de5104","versionType":"git","status":"affected"},{"version":"5df5dafc171b90d0b8d51547a82657cd5a1986c7","lessThan":"68d39ea5e0adc9ecaea1ce8abd842ec972eb8718","versionType":"git","status":"affected"},{"version":"1dcf08fcff5ca529de6dc0395091f28854f4e54a","versionType":"git","status":"affected"},{"version":"8e5aff600539e5faea294d9612cca50220e602b8","versionType":"git","status":"affected"},{"version":"db7509fa110dd9b11134b75894677f30353b2c51","versionType":"git","status":"affected"},{"version":"5.10.237","lessThan":"5.10.258","versionType":"semver","status":"affected"},{"version":"5.15.181","lessThan":"5.15.209","versionType":"semver","status":"affected"},{"version":"6.1.135","lessThan":"6.1.175","versionType":"semver","status":"affected"},{"version":"6.6.88","lessThan":"6.6.141","versionType":"semver","status":"affected"},{"version":"6.12.24","lessThan":"6.12.91","versionType":"semver","status":"affected"},{"version":"5.4.293","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"6.13.12","lessThan":"6.14","versionType":"semver","status":"affected"},{"version":"6.14.3","lessThan":"6.15","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/bluetooth/hci_ldisc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/194f029a4d7f739e44ebc1f473120187b4de5104","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/356dee1bcac4d0d9152390561fa63331ebff211b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3daa5818e473ed60eb69d8b5c71b651909d28c5a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/68d39ea5e0adc9ecaea1ce8abd842ec972eb8718","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a673cf6c4ac702cb79ac1f4d7fc4de763a6a3e40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ebb39b2d81731b83ee71a1ba6dd0291a57b5ac07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ed4033fb85ccaaf6c3983be3c7b037e48253d232","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f4b69c35813c432973d340d3600c01de106ed474","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53074","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.317","lastModified":"2026-06-24T17:17:21.317","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb\n\nbpf_prog_test_run_skb() calls eth_type_trans() first and then uses\nskb->protocol to initialize sk family and address fields for the test\nrun.\n\nFor IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb)\neven when the provided test input only contains an Ethernet header.\n\nReject the input earlier if the Ethernet frame carries IPv4/IPv6\nEtherType but the L3 header is too short.\n\nFold the IPv4/IPv6 header length checks into the existing protocol\nswitch and return -EINVAL before accessing the network headers."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bpf/test_run.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"7254267799d083280c0e53effc101a33add95f7b","versionType":"git","status":"affected"},{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"6a9f38d5ff11e00bc54baab752642978805e81eb","versionType":"git","status":"affected"},{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"e6aa481f21fc7a41ed344767ea25aae9d03fae71","versionType":"git","status":"affected"},{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"0a04db240effd85773f66244645a28cedddb72d2","versionType":"git","status":"affected"},{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"1f882c492d46f90bdb36f4936876c88c28dab21c","versionType":"git","status":"affected"},{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"8042240412de3222d27b31e89d29336961cad9e4","versionType":"git","status":"affected"},{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"6def5fe753cbe5b279ee5fd10327b2611cbddaca","versionType":"git","status":"affected"},{"version":"fa5cb548ced61b9d3095f32f8a7e427a248c65ee","lessThan":"12bec2bd4b76d81c5d3996bd14ec1b7f4d983747","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bpf/test_run.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0a04db240effd85773f66244645a28cedddb72d2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/12bec2bd4b76d81c5d3996bd14ec1b7f4d983747","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/1f882c492d46f90bdb36f4936876c88c28dab21c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6a9f38d5ff11e00bc54baab752642978805e81eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6def5fe753cbe5b279ee5fd10327b2611cbddaca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7254267799d083280c0e53effc101a33add95f7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8042240412de3222d27b31e89d29336961cad9e4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e6aa481f21fc7a41ed344767ea25aae9d03fae71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53079","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:21.953","lastModified":"2026-06-24T17:17:21.953","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: fix skb memory leak in deferred qdisc drops\n\nWhen the network stack cleans up the deferred list via qdisc_run_end(),\nit operates on the root qdisc. If the root qdisc do not implement the\nTCQ_F_DEQUEUE_DROPS flag the packets queue to free are never freed and\ngets stranded on the child's local to_free list.\n\nFix this by making qdisc_dequeue_drop() aware of the root qdisc. It\nfetches the root qdisc and check for the TCQ_F_DEQUEUE_DROPS flag. If\nthe flag is present, the packet is appended directly to the root's\nto_free list. Otherwise, drop it directly as it was done before the\noptimization was implemented."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/sch_generic.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a6efc273ab8245722eee2150fa12cf75781dc410","lessThan":"bf26ad92ffda7884825d67b46bd5efe615c3babf","versionType":"git","status":"affected"},{"version":"a6efc273ab8245722eee2150fa12cf75781dc410","lessThan":"a6bd339dbb3514bce690fdcf252e788dfab4ee76","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/sch_generic.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/a6bd339dbb3514bce690fdcf252e788dfab4ee76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bf26ad92ffda7884825d67b46bd5efe615c3babf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53080","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:22.047","lastModified":"2026-06-24T17:17:22.047","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_fw: fix NULL dereference of \"old\" filters before change()\n\nLike pointed out by Sashiko [1], since commit ed76f5edccc9 (\"net: sched:\nprotect filter_chain list with filter_chain_lock mutex\") TC filters are\nadded to a shared block and published to datapath before their ->change()\nfunction is called. This is a problem for cls_fw: an invalid filter\ncreated with the \"old\" method can still classify some packets before it\nis destroyed by the validation logic added by Xiang.\nTherefore, insisting with repeated runs of the following script:\n\n # ip link add dev crash0 type dummy\n # ip link set dev crash0 up\n # mausezahn  crash0 -c 100000 -P 10 \\\n > -A 4.3.2.1 -B 1.2.3.4 -t udp \"dp=1234\" -q &\n # sleep 1\n # tc qdisc add dev crash0 egress_block 1 clsact\n # tc filter add block 1 protocol ip prio 1 matchall \\\n > action skbedit mark 65536 continue\n # tc filter add block 1 protocol ip prio 2 fw\n # ip link del dev crash0\n\ncan still make fw_classify() hit the WARN_ON() in [2]:\n\n WARNING: ./include/net/pkt_cls.h:88 at fw_classify+0x244/0x250 [cls_fw], CPU#18: mausezahn/1399\n Modules linked in: cls_fw(E) act_skbedit(E)\n CPU: 18 UID: 0 PID: 1399 Comm: mausezahn Tainted: G            E       7.0.0-rc6-virtme #17 PREEMPT(full)\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: Red Hat KVM, BIOS 1.16.3-2.el9 04/01/2014\n RIP: 0010:fw_classify+0x244/0x250 [cls_fw]\n Code: 5c 49 c7 45 00 00 00 00 00 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 5b b8 ff ff ff ff 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 eb a0 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90\n RSP: 0018:ffffd1b7026bf8a8 EFLAGS: 00010202\n RAX: ffff8c5ac9c60800 RBX: ffff8c5ac99322c0 RCX: 0000000000000004\n RDX: 0000000000000001 RSI: ffff8c5b74d7a000 RDI: ffff8c5ac8284f40\n RBP: ffffd1b7026bf8d0 R08: 0000000000000000 R09: ffffd1b7026bf9b0\n R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000010000\n R13: ffffd1b7026bf930 R14: ffff8c5ac8284f40 R15: 0000000000000000\n FS:  00007fca40c37740(0000) GS:ffff8c5b74d7a000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fca40e822a0 CR3: 0000000005ca0001 CR4: 0000000000172ef0\n Call Trace:\n  <TASK>\n  tcf_classify+0x17d/0x5c0\n  tc_run+0x9d/0x150\n  __dev_queue_xmit+0x2ab/0x14d0\n  ip_finish_output2+0x340/0x8f0\n  ip_output+0xa4/0x250\n  raw_sendmsg+0x147d/0x14b0\n  __sys_sendto+0x1cc/0x1f0\n  __x64_sys_sendto+0x24/0x30\n  do_syscall_64+0x126/0xf80\n  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7fca40e822ba\n Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89\n RSP: 002b:00007ffc248a42c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 000055ef233289d0 RCX: 00007fca40e822ba\n RDX: 000000000000001e RSI: 000055ef23328c30 RDI: 0000000000000003\n RBP: 000055ef233289d0 R08: 00007ffc248a42d0 R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e\n R13: 00000000000186a0 R14: 0000000000000000 R15: 00007fca41043000\n  </TASK>\n irq event stamp: 1045778\n hardirqs last  enabled at (1045784): [<ffffffff864ec042>] __up_console_sem+0x52/0x60\n hardirqs last disabled at (1045789): [<ffffffff864ec027>] __up_console_sem+0x37/0x60\n softirqs last  enabled at (1045426): [<ffffffff874d48c7>] __alloc_skb+0x207/0x260\n softirqs last disabled at (1045434): [<ffffffff874fe8f8>] __dev_queue_xmit+0x78/0x14d0\n\nThen, because of the value in the packet's mark, dereference on 'q->handle'\nwith NULL 'q' occurs:\n\n BUG: kernel NULL  pointer dereference, address: 0000000000000038\n [...]\n RIP: 0010:fw_classify+0x1fe/0x250 [cls_fw]\n [...]\n\nSkip \"old-style\" classification on shared blocks, so that the NULL\ndereference is fixed and WARN_ON() is not hit anymore in the short\nlifetime of invalid cls_fw \"old-style\" filters.\n\n[1] https://sashiko.dev/#/patchset/2\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sched/cls_fw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"a719275da488835e987d28effc04679b4aace3a0","versionType":"git","status":"affected"},{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"c205da704c84eeb4247d770150440294fd547049","versionType":"git","status":"affected"},{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"5dcce34c57d5e5990869384d69deeb9414bf9b92","versionType":"git","status":"affected"},{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"5df49f0579f7e625f2358a219d31fbc7621be799","versionType":"git","status":"affected"},{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"829808cbf8cf8a6d07a0e67a5ea2c3fcd63a9e5c","versionType":"git","status":"affected"},{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"41845bc5bb64f3d615abe575ad655b5e7f193634","versionType":"git","status":"affected"},{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"4fabcfea7a9dd159df32c5df6587fe858cb0d748","versionType":"git","status":"affected"},{"version":"ed76f5edccc98fa66f2337f0b3b255d6e1a568b7","lessThan":"65782b2db7321d5f97c16718c4c7f6c7205a56be","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sched/cls_fw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/41845bc5bb64f3d615abe575ad655b5e7f193634","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4fabcfea7a9dd159df32c5df6587fe858cb0d748","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5dcce34c57d5e5990869384d69deeb9414bf9b92","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5df49f0579f7e625f2358a219d31fbc7621be799","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/65782b2db7321d5f97c16718c4c7f6c7205a56be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/829808cbf8cf8a6d07a0e67a5ea2c3fcd63a9e5c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a719275da488835e987d28effc04679b4aace3a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c205da704c84eeb4247d770150440294fd547049","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53082","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:22.343","lastModified":"2026-06-24T17:17:22.343","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hamradio: 6pack: fix uninit-value in sixpack_receive_buf\n\nsixpack_receive_buf() does not properly skip bytes with TTY error flags.\nThe while loop iterates through the flags buffer but never advances the\ndata pointer (cp), and passes the original count (including error bytes)\nto sixpack_decode(). This causes sixpack_decode() to process bytes that\nshould have been skipped due to TTY errors.  The TTY layer does not\nguarantee that cp[i] holds a meaningful value when fp[i] is set, so\npassing those positions to sixpack_decode() results in KMSAN reporting\nan uninit-value read.\n\nFix this by processing bytes one at a time, advancing cp on each\niteration, and only passing valid (non-error) bytes to sixpack_decode().\nThis matches the pattern used by slip_receive_buf() and\nmkiss_receive_buf() for the same purpose."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/hamradio/6pack.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"1d3abf0c3ddeefc6f6d913aa129acc06fce8240a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d4cceb5184538613572fb79319453f281b1eeacb","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2951656b0de00153f2687f3a093890bce72b6215","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e9cf4018d74237d142cd66243c821d13593270f0","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d9ce2a4b679122397d7f35bad7be46913ad1ca80","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"987af7625ceb1ee59d70eb0abd7af11c75e45d79","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"578f3aba427c938fecfa0d8c83d9acb213a9b24a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"bf9a38803b2626b01cc769aaf13485d8650f576f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/hamradio/6pack.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1d3abf0c3ddeefc6f6d913aa129acc06fce8240a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2951656b0de00153f2687f3a093890bce72b6215","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/578f3aba427c938fecfa0d8c83d9acb213a9b24a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/987af7625ceb1ee59d70eb0abd7af11c75e45d79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bf9a38803b2626b01cc769aaf13485d8650f576f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d4cceb5184538613572fb79319453f281b1eeacb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d9ce2a4b679122397d7f35bad7be46913ad1ca80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e9cf4018d74237d142cd66243c821d13593270f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53083","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:22.470","lastModified":"2026-06-24T17:17:22.470","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix RCU stall in bpf_fd_array_map_clear()\n\nAdd a missing cond_resched() in bpf_fd_array_map_clear() loop.\n\nFor PROG_ARRAY maps with many entries this loop calls\nprog_array_map_poke_run() per entry which can be expensive, and\nwithout yielding this can cause RCU stalls under load:\n\n  rcu: Stack dump where RCU GP kthread last ran:\n  CPU: 0 UID: 0 PID: 30932 Comm: kworker/0:2 Not tainted 6.14.0-13195-g967e8def1100 #2 PREEMPT(undef)\n  Workqueue: events prog_array_map_clear_deferred\n  RIP: 0010:write_comp_data+0x38/0x90 kernel/kcov.c:246\n  Call Trace:\n   <TASK>\n   prog_array_map_poke_run+0x77/0x380 kernel/bpf/arraymap.c:1096\n   __fd_array_map_delete_elem+0x197/0x310 kernel/bpf/arraymap.c:925\n   bpf_fd_array_map_clear kernel/bpf/arraymap.c:1000 [inline]\n   prog_array_map_clear_deferred+0x119/0x1b0 kernel/bpf/arraymap.c:1141\n   process_one_work+0x898/0x19d0 kernel/workqueue.c:3238\n   process_scheduled_works kernel/workqueue.c:3319 [inline]\n   worker_thread+0x770/0x10b0 kernel/workqueue.c:3400\n   kthread+0x465/0x880 kernel/kthread.c:464\n   ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:153\n   ret_from_fork_asm+0x19/0x30 arch/x86/entry/entry_64.S:245\n   </TASK>"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/arraymap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"da765a2f599304a81a25e77908d1790414ecdbb6","lessThan":"b1f7158a86f3cbac4d5a32beb55ca0f8027d44cd","versionType":"git","status":"affected"},{"version":"da765a2f599304a81a25e77908d1790414ecdbb6","lessThan":"71ddb7defc442ab38c53123c384fedbfd8410a15","versionType":"git","status":"affected"},{"version":"da765a2f599304a81a25e77908d1790414ecdbb6","lessThan":"e1ed678855e315f90c70c1723e94157a9a82e660","versionType":"git","status":"affected"},{"version":"da765a2f599304a81a25e77908d1790414ecdbb6","lessThan":"67bdb4b0d26f2d6bbf1798a925ef5a3b9ed7357a","versionType":"git","status":"affected"},{"version":"da765a2f599304a81a25e77908d1790414ecdbb6","lessThan":"4406942e65ca128c56c67443832988873c21d2e9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/arraymap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4406942e65ca128c56c67443832988873c21d2e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/67bdb4b0d26f2d6bbf1798a925ef5a3b9ed7357a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/71ddb7defc442ab38c53123c384fedbfd8410a15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b1f7158a86f3cbac4d5a32beb55ca0f8027d44cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e1ed678855e315f90c70c1723e94157a9a82e660","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53084","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:22.577","lastModified":"2026-06-24T17:17:22.577","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: return VMA snapshot from task_vma iterator\n\nHolding the per-VMA lock across the BPF program body creates a lock\nordering problem when helpers acquire locks that depend on mmap_lock:\n\n  vm_lock -> i_rwsem -> mmap_lock -> vm_lock\n\nSnapshot the VMA under the per-VMA lock in _next() via memcpy(), then\ndrop the lock before returning. The BPF program accesses only the\nsnapshot.\n\nThe verifier only trusts vm_mm and vm_file pointers (see\nBTF_TYPE_SAFE_TRUSTED_OR_NULL in verifier.c). vm_file is reference-\ncounted with get_file() under the lock and released via fput() on the\nnext iteration or in _destroy(). vm_mm is already correct because\nlock_vma_under_rcu() verifies vma->vm_mm == mm. All other pointers\nare left as-is by memcpy() since the verifier treats them as untrusted."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/task_iter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4ac4546821584736798aaa9e97da9f6eaf689ea3","lessThan":"83b8802c034e843b83a3e1ef6f30cdd4e9ec291c","versionType":"git","status":"affected"},{"version":"4ac4546821584736798aaa9e97da9f6eaf689ea3","lessThan":"592226d138378601ae28eb890e2bbc23ec3600f7","versionType":"git","status":"affected"},{"version":"4ac4546821584736798aaa9e97da9f6eaf689ea3","lessThan":"13860ca37b8df0b856ee1ce3bdbd7c327d5f53e8","versionType":"git","status":"affected"},{"version":"4ac4546821584736798aaa9e97da9f6eaf689ea3","lessThan":"4cbee026db54cad39c39db4d356100cb133412b3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/task_iter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/13860ca37b8df0b856ee1ce3bdbd7c327d5f53e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4cbee026db54cad39c39db4d356100cb133412b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/592226d138378601ae28eb890e2bbc23ec3600f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/83b8802c034e843b83a3e1ef6f30cdd4e9ec291c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53089","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:23.097","lastModified":"2026-06-24T17:17:23.097","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix use-after-free in offloaded map/prog info fill\n\nWhen querying info for an offloaded BPF map or program,\nbpf_map_offload_info_fill_ns() and bpf_prog_offload_info_fill_ns()\nobtain the network namespace with get_net(dev_net(offmap->netdev)).\nHowever, the associated netdev's netns may be racing with teardown\nduring netns destruction. If the netns refcount has already reached 0,\nget_net() performs a refcount_t increment on 0, triggering:\n\n  refcount_t: addition on 0; use-after-free.\n\nAlthough rtnl_lock and bpf_devs_lock ensure the netdev pointer remains\nvalid, they cannot prevent the netns refcount from reaching zero.\n\nFix this by using maybe_get_net() instead of get_net(). maybe_get_net()\nuses refcount_inc_not_zero() and returns NULL if the refcount is already\nzero, which causes ns_get_path_cb() to fail and the caller to return\n-ENOENT -- the correct behavior when the netns is being destroyed."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/offload.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"675fc275a3a2d905535207237402c6d8dcb5fa4b","lessThan":"a51e7fbe94a87e236631a83973d4f558310b2cd2","versionType":"git","status":"affected"},{"version":"675fc275a3a2d905535207237402c6d8dcb5fa4b","lessThan":"a0c584fc18056709c8e047a82a6045d6c209f4ce","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/offload.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.16","status":"affected"},{"version":"0","lessThan":"4.16","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/a0c584fc18056709c8e047a82a6045d6c209f4ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a51e7fbe94a87e236631a83973d4f558310b2cd2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53093","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:23.457","lastModified":"2026-06-24T17:17:23.457","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix error pointer dereference\n\nThe function brcmf_chip_add_core() can return an error pointer and is\nnot checked. Add checks for error pointer.\n\nDetected by Smatch:\ndrivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1010 brcmf_chip_recognition() error:\n'core' dereferencing possible ERR_PTR()\n\ndrivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1013 brcmf_chip_recognition() error:\n'core' dereferencing possible ERR_PTR()\n\ndrivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1016 brcmf_chip_recognition() error:\n'core' dereferencing possible ERR_PTR()\n\ndrivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1019 brcmf_chip_recognition() error:\n'core' dereferencing possible ERR_PTR()\n\ndrivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1022 brcmf_chip_recognition() error:\n'core' dereferencing possible ERR_PTR()\n\n[add missing wifi: prefix]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"a3b45090a91e2f0b9715870d8f8d9ca2fdfbc1af","versionType":"git","status":"affected"},{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"99ef547659178eef6d6ba4738a9d989ce90cf909","versionType":"git","status":"affected"},{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"bd6c906e0c4af6d5d0c49c3c4ee090b4913da17d","versionType":"git","status":"affected"},{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"d3f280be48f1c672cb10e8026c236d0cca60048a","versionType":"git","status":"affected"},{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"2e0e5a43ed126f896a4ad31ade66c90270601bae","versionType":"git","status":"affected"},{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"cbea71b4480394708f9a6e007a0385acfe5e1ec8","versionType":"git","status":"affected"},{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"334c68750eee84c2327db1d152be83ff5ad8e20b","versionType":"git","status":"affected"},{"version":"cb7cf7be9eba76f3cd6258906074c72084570c84","lessThan":"dd8592fc6007a451c3e4b9025de365e39de8178a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.15","status":"affected"},{"version":"0","lessThan":"3.15","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/2e0e5a43ed126f896a4ad31ade66c90270601bae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/334c68750eee84c2327db1d152be83ff5ad8e20b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/99ef547659178eef6d6ba4738a9d989ce90cf909","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a3b45090a91e2f0b9715870d8f8d9ca2fdfbc1af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bd6c906e0c4af6d5d0c49c3c4ee090b4913da17d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cbea71b4480394708f9a6e007a0385acfe5e1ec8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d3f280be48f1c672cb10e8026c236d0cca60048a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dd8592fc6007a451c3e4b9025de365e39de8178a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53095","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:23.693","lastModified":"2026-06-24T17:17:23.693","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix abuse of kprobe_write_ctx via freplace\n\nuprobe programs are allowed to modify struct pt_regs.\n\nSince the actual program type of uprobe is KPROBE, it can be abused to\nmodify struct pt_regs via kprobe+freplace when the kprobe attaches to\nkernel functions.\n\nFor example,\n\nSEC(\"?kprobe\")\nint kprobe(struct pt_regs *regs)\n{\n\treturn 0;\n}\n\nSEC(\"?freplace\")\nint freplace_kprobe(struct pt_regs *regs)\n{\n\tregs->di = 0;\n\treturn 0;\n}\n\nfreplace_kprobe prog will attach to kprobe prog.\nkprobe prog will attach to a kernel function.\n\nWithout this patch, when the kernel function runs, its first arg will\nalways be set as 0 via the freplace_kprobe prog.\n\nTo fix the abuse of kprobe_write_ctx=true via kprobe+freplace, disallow\nattaching freplace programs on kprobe programs with different\nkprobe_write_ctx values."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/syscall.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7384893d970ea114952aef54ad7e3d7d2ca82d4f","lessThan":"b312cf41b9e43f442613053f6cad39898e1baf96","versionType":"git","status":"affected"},{"version":"7384893d970ea114952aef54ad7e3d7d2ca82d4f","lessThan":"9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8","versionType":"git","status":"affected"},{"version":"7384893d970ea114952aef54ad7e3d7d2ca82d4f","lessThan":"611fe4b79af72d00d80f2223354284447daafae9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/syscall.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/611fe4b79af72d00d80f2223354284447daafae9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9836cadbd96c7e0dbb0018fa60e7872dd31ac4f8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b312cf41b9e43f442613053f6cad39898e1baf96","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53097","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:23.923","lastModified":"2026-06-24T17:17:23.923","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()\n\nWhen the mt7996 pci chip is detaching, the mt7996_crash_data is\nreleased in mt7996_coredump_unregister(). However, the work item\ndump_work may still be running or pending, leading to UAF bugs\nwhen the already freed crash_data is dereferenced again in\nmt7996_mac_dump_work().\n\nThe race condition can occur as follows:\n\nCPU 0 (removal path)               | CPU 1 (workqueue)\nmt7996_pci_remove()                | mt7996_sys_recovery_set()\n mt7996_unregister_device()        |  mt7996_reset()\n  mt7996_coredump_unregister()     |   queue_work()\n   vfree(dev->coredump.crash_data) | mt7996_mac_dump_work()\n                                   |  crash_data-> // UAF\n\nFix this by ensuring dump_work is properly canceled before\nthe crash_data is deallocated. Add cancel_work_sync() in\nmt7996_unregister_device() to synchronize with any pending\nor executing dump work."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7996/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"878161d5d4a469a6ef7f3fb4fe9f676bc508ee99","lessThan":"180182a3f23ff79430a32ca2c4c1885368ceab48","versionType":"git","status":"affected"},{"version":"878161d5d4a469a6ef7f3fb4fe9f676bc508ee99","lessThan":"aa4a31cd89f4fde5043ac613fe0e27014a60a60b","versionType":"git","status":"affected"},{"version":"878161d5d4a469a6ef7f3fb4fe9f676bc508ee99","lessThan":"188e10f9ea3109d23c6b7643aa6ec2f5cb0faa6d","versionType":"git","status":"affected"},{"version":"878161d5d4a469a6ef7f3fb4fe9f676bc508ee99","lessThan":"c8f62f73bbced3a79894655bdb0b625462d956fc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7996/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/180182a3f23ff79430a32ca2c4c1885368ceab48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/188e10f9ea3109d23c6b7643aa6ec2f5cb0faa6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/aa4a31cd89f4fde5043ac613fe0e27014a60a60b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c8f62f73bbced3a79894655bdb0b625462d956fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53098","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.027","lastModified":"2026-06-24T17:17:24.027","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()\n\nWhen the mt7915 pci chip is detaching, the mt7915_crash_data is\nreleased in mt7915_coredump_unregister(). However, the work item\ndump_work may still be running or pending, leading to UAF bugs\nwhen the already freed crash_data is dereferenced again in\nmt7915_mac_dump_work().\n\nThe race condition can occur as follows:\n\nCPU 0 (removal path)               | CPU 1 (workqueue)\nmt7915_pci_remove()                | mt7915_sys_recovery_set()\n mt7915_unregister_device()        |  mt7915_reset()\n  mt7915_coredump_unregister()     |   queue_work()\n   vfree(dev->coredump.crash_data) | mt7915_mac_dump_work()\n                                   |  crash_data-> // UAF\n\nFix this by ensuring dump_work is properly canceled before\nthe crash_data is deallocated. Add cancel_work_sync() in\nmt7915_unregister_device() to synchronize with any pending\nor executing dump work."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7915/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4dbcb9125cc3e10a6d879c10e4f5816d05a87c49","lessThan":"6d5202409467d621b6d1dfd7fc7dadb997fe66d2","versionType":"git","status":"affected"},{"version":"4dbcb9125cc3e10a6d879c10e4f5816d05a87c49","lessThan":"e6856af8a22a8e2cd18241a465ed00c2301b3a5e","versionType":"git","status":"affected"},{"version":"4dbcb9125cc3e10a6d879c10e4f5816d05a87c49","lessThan":"6b7cbb13c838cf2a5f2e7be0e96fe15250087939","versionType":"git","status":"affected"},{"version":"4dbcb9125cc3e10a6d879c10e4f5816d05a87c49","lessThan":"21ce6d867867645fff0ef657be18f61d9f39dcd8","versionType":"git","status":"affected"},{"version":"4dbcb9125cc3e10a6d879c10e4f5816d05a87c49","lessThan":"1146d0946b5358fad24812bd39d68f31cd40cc34","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7915/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1146d0946b5358fad24812bd39d68f31cd40cc34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/21ce6d867867645fff0ef657be18f61d9f39dcd8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6b7cbb13c838cf2a5f2e7be0e96fe15250087939","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6d5202409467d621b6d1dfd7fc7dadb997fe66d2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e6856af8a22a8e2cd18241a465ed00c2301b3a5e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53099","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.140","lastModified":"2026-06-24T17:17:24.140","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI\n\nThis was renamed in commit 23ef9d439769 (\"kcfi: Rename CONFIG_CFI_CLANG\nto CONFIG_CFI\") as it is now a compiler-agnostic option. Using the wrong\nname results in the code getting compiled out. Meaning the CFI failures\nfor btf_dtor_kfunc_t would still trigger."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/btf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"99fde4d0626176d03cea35c64a063df73816e64d","lessThan":"f74fce43dbc059e059b5346a670f697c0e97b1d0","versionType":"git","status":"affected"},{"version":"99fde4d0626176d03cea35c64a063df73816e64d","lessThan":"9b0cf064ea0a6bac5e1a5fb43b004fd52fbe2b3b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/btf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/9b0cf064ea0a6bac5e1a5fb43b004fd52fbe2b3b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f74fce43dbc059e059b5346a670f697c0e97b1d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53100","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.257","lastModified":"2026-06-24T17:17:24.257","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: fix deadlock in remain-on-channel\n\nmt76_remain_on_channel() and mt76_roc_complete() call mt76_set_channel()\nwhile already holding dev->mutex. Since mt76_set_channel() also acquires\ndev->mutex, this results in a deadlock.\n\nUse __mt76_set_channel() instead of mt76_set_channel().\nAdd cancel_delayed_work_sync() for mac_work before acquiring the mutex\nin mt76_remain_on_channel() to prevent a secondary deadlock with the\nmac_work workqueue."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/channel.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a8f424c1287cc79a06c21816658feea87dfcb83f","lessThan":"5fc8c5d45e44575dda9fcabdc2aac4ad97baf0cd","versionType":"git","status":"affected"},{"version":"a8f424c1287cc79a06c21816658feea87dfcb83f","lessThan":"7a89c245d203aa0ed5ff2d68ac05b48b2ef9fa3f","versionType":"git","status":"affected"},{"version":"a8f424c1287cc79a06c21816658feea87dfcb83f","lessThan":"6939b97ddad3cf3dfbb3b5a0a12ef79cb886747e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/channel.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/5fc8c5d45e44575dda9fcabdc2aac4ad97baf0cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6939b97ddad3cf3dfbb3b5a0a12ef79cb886747e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7a89c245d203aa0ed5ff2d68ac05b48b2ef9fa3f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53102","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.473","lastModified":"2026-06-24T17:17:24.473","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()\n\nmt76_connac_mcu_alloc_sta_req() allocates an skb which is expected to\nbe freed eventually by mt76_mcu_skb_send_msg(). However, currently if\nan intermediate function fails before sending, the allocated skb is\nleaked.\n\nSpecifically, mt76_connac_mcu_sta_wed_update() and\nmt76_connac_mcu_sta_key_tlv() may fail, leading to an immediate memory\nleak in the error path.\n\nFix this by explicitly freeing the skb in these error paths.\nCommit 7c0f63fe37a5 (\"wifi: mt76: mt7996: fix memory leak on\nmt7996_mcu_sta_key_tlv error\") made a similar change.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c","drivers/net/wireless/mediatek/mt76/mt7915/mcu.c","drivers/net/wireless/mediatek/mt76/mt7925/mcu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6683d988089ce0e80bd859a9493333b6b272420e","lessThan":"eb466406d2094deefadc2cd6ddb4f6eeb086d1b4","versionType":"git","status":"affected"},{"version":"6683d988089ce0e80bd859a9493333b6b272420e","lessThan":"c41075ce8cf05ed8c0e7b7efef000dce548ffc42","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c","drivers/net/wireless/mediatek/mt76/mt7915/mcu.c","drivers/net/wireless/mediatek/mt76/mt7925/mcu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/c41075ce8cf05ed8c0e7b7efef000dce548ffc42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/eb466406d2094deefadc2cd6ddb4f6eeb086d1b4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53103","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.567","lastModified":"2026-06-24T17:17:24.567","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync\n\nroc_abort_sync() can deadlock with roc_work(). roc_work() holds\ndev->mt76.mutex, while cancel_work_sync() waits for roc_work()\nto finish. If the caller already owns the same mutex, both\nsides block and no progress is possible.\n\nThis deadlock can occur during station removal when\nmt76_sta_state() -> mt76_sta_remove() ->\nmt7925_mac_sta_remove_link() -> mt7925_mac_link_sta_remove() ->\nmt7925_roc_abort_sync() invokes cancel_work_sync() while\nroc_work() is still running and holding dev->mt76.mutex.\n\nThis avoids the mutex deadlock and preserves exactly-once\nwork ownership."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7925/main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"45064d19fd3af6aeb0887b35b5564927980cf150","lessThan":"153bcba36c87a1ba555b57b6c49028d5812f895b","versionType":"git","status":"affected"},{"version":"45064d19fd3af6aeb0887b35b5564927980cf150","lessThan":"2d8e0053bca29143ace51e08c980ff076844a4b0","versionType":"git","status":"affected"},{"version":"45064d19fd3af6aeb0887b35b5564927980cf150","lessThan":"dd08ca3f092f4185ece69ce2a835c23198b1628a","versionType":"git","status":"affected"},{"version":"978d1756b3ae1b857826eb7ed8181f3c5180dce9","versionType":"git","status":"affected"},{"version":"6.11.2","lessThan":"6.12","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7925/main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/153bcba36c87a1ba555b57b6c49028d5812f895b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2d8e0053bca29143ace51e08c980ff076844a4b0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dd08ca3f092f4185ece69ce2a835c23198b1628a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53104","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.667","lastModified":"2026-06-24T17:17:24.667","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: Fix memory leak destroying device\n\nAll MT76 rx queues have an associated page_pool even if the queue is not\nassociated to a NAPI (e.g. WED RRO queues with WED enabled). Destroy the\npage_pool running mt76_dma_cleanup routine during module unload.\nMoreover returns pages to the page pool if WED is not enabled for WED RRO\nqueues."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/dma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"950d0abb5cd94f2b0710c5c42ac4398c91a7ff22","lessThan":"dcbc13d19bef3326c72f324b10f5a3e5fc4d71de","versionType":"git","status":"affected"},{"version":"950d0abb5cd94f2b0710c5c42ac4398c91a7ff22","lessThan":"4b7c92fd8b8700fac387ff43c6f6e0c4e05ec93f","versionType":"git","status":"affected"},{"version":"950d0abb5cd94f2b0710c5c42ac4398c91a7ff22","lessThan":"6b470f36616e3448d44b0ef4b1de2a3e3a31b5be","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/dma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4b7c92fd8b8700fac387ff43c6f6e0c4e05ec93f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6b470f36616e3448d44b0ef4b1de2a3e3a31b5be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dcbc13d19bef3326c72f324b10f5a3e5fc4d71de","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53105","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.760","lastModified":"2026-06-24T17:17:24.760","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: prevent NULL vif dereference in mt7925_mac_write_txwi\n\nCheck for a NULL `vif` before accessing `ieee80211_vif_is_mld(vif)` to\navoid a potential kernel panic in scenarios where `vif` might not be\ninitialized."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7925/mac.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ebb1406813c6ea60d2d95efc69ce6d53bbe43b31","lessThan":"6c52fbdc6f656ac2e8ed1e3d0f42ed21ef285e15","versionType":"git","status":"affected"},{"version":"ebb1406813c6ea60d2d95efc69ce6d53bbe43b31","lessThan":"815db7fd57aa81c93fc8a66c2fac5f8bd0a8d153","versionType":"git","status":"affected"},{"version":"ebb1406813c6ea60d2d95efc69ce6d53bbe43b31","lessThan":"5d5bdea4ffcf54a6c4e751df713f95a1d783f298","versionType":"git","status":"affected"},{"version":"ebb1406813c6ea60d2d95efc69ce6d53bbe43b31","lessThan":"962eb04e67552be406c906c83099c1d736aae3b6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/mediatek/mt76/mt7925/mac.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/5d5bdea4ffcf54a6c4e751df713f95a1d783f298","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6c52fbdc6f656ac2e8ed1e3d0f42ed21ef285e15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/815db7fd57aa81c93fc8a66c2fac5f8bd0a8d153","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/962eb04e67552be406c906c83099c1d736aae3b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53106","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.860","lastModified":"2026-06-24T17:17:24.860","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not allow deleting local storage in NMI\n\nCurrently, local storage may deadlock when deferring freeing selem or\nlocal storage through kfree_rcu(), call_rcu() or call_rcu_tasks_trace()\nin NMI or reentrant. Since deleting selem in NMI is an unlikely use\ncase, partially mitigate it by returning error when calling from\nbpf_xxx_storage_delete() helpers in NMI. Note that, it is still possible\nto deadlock through reentrant. A full mitigation requires returning\nerror when irqs_disabled() is true, which, however is too heavy-handed\nfor bpf_xxx_storage_delete().\n\nThe long-term solution requires _nolock versions of call_rcu. Another\npossible solution is to defer the free through irq_work [0], but it\nwould grow the size of selem, which is non-ideal.\n\nThe check is only needed in bpf_selem_unlink(), which is used by helpers\nand syscalls. bpf_selem_unlink_nofail() is fine as it is called during\nmap and owner tear down that never run in NMI or reentrant.\n\n[0] https://lore.kernel.org/bpf/20260205190233.912-1-alexei.starovoitov@gmail.com/"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["kernel/bpf/bpf_local_storage.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a10787e6d58c24b51e91c19c6d16c5da89fcaa4b","lessThan":"e84acaf936970b5b0be2c93bbf255295ba9406df","versionType":"git","status":"affected"},{"version":"a10787e6d58c24b51e91c19c6d16c5da89fcaa4b","lessThan":"350de5b8a9befaa2a68861c51f671d4f5f751ca5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["kernel/bpf/bpf_local_storage.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/350de5b8a9befaa2a68861c51f671d4f5f751ca5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e84acaf936970b5b0be2c93bbf255295ba9406df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53107","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:24.950","lastModified":"2026-06-24T17:17:24.950","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: don't kill URBs in interrupt context\n\nSerialization for the TX path was enforced by calling\nusb_kill_urb()/usb_kill_anchored_urbs(), to prevent transmission before\na previous URB was completed. usb_tx_block() can be called from\ninterrupt context (e.g. in the HCD giveback path), so we can't always\nuse it to kill in-flight URBs.\n\nPrevent sleeping during interrupt context by checking the tx_submitted\nanchor for existing URBs. We now return -EBUSY, to indicate there's\na pending request."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/marvell/libertas/if_usb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3308c7504e093b22e91a4468470309cee2e26b83","lessThan":"00c0317cebf44151df18fb647781f315268cdd98","versionType":"git","status":"affected"},{"version":"d66676e6ca96bf8680f869a9bd6573b26c634622","lessThan":"4f273d3f98ebc60c30bbfb3ed4a7f0477d3eaed2","versionType":"git","status":"affected"},{"version":"d66676e6ca96bf8680f869a9bd6573b26c634622","lessThan":"7c5c2b661bdb78c1472b8833265c9ed1ee880039","versionType":"git","status":"affected"},{"version":"498525d8358d6d20918787e59736d5b6a021e9fd","versionType":"git","status":"affected"},{"version":"2902a9b4415a6bafc9b1e5dd360f065d757a0bb7","versionType":"git","status":"affected"},{"version":"948a39c95d0f8d73722910f8cdb7b6e3e9206232","versionType":"git","status":"affected"},{"version":"5bfb25495e391a1be0db94b15715174fa06b93a1","versionType":"git","status":"affected"},{"version":"b82073564373e68c6ae3a96039fae14cd002a496","versionType":"git","status":"affected"},{"version":"fc188b44547dea4e7350833171982a6312befde9","versionType":"git","status":"affected"},{"version":"6.18.16","lessThan":"6.18.33","versionType":"semver","status":"affected"},{"version":"5.10.252","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.15.202","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"6.1.165","lessThan":"6.2","versionType":"semver","status":"affected"},{"version":"6.6.128","lessThan":"6.7","versionType":"semver","status":"affected"},{"version":"6.12.75","lessThan":"6.13","versionType":"semver","status":"affected"},{"version":"6.19.6","lessThan":"6.20","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/marvell/libertas/if_usb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/00c0317cebf44151df18fb647781f315268cdd98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4f273d3f98ebc60c30bbfb3ed4a7f0477d3eaed2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7c5c2b661bdb78c1472b8833265c9ed1ee880039","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53108","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.107","lastModified":"2026-06-24T17:17:25.107","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Fix unmap race with PMD migration entries\n\nThe following race is possible with migration swap entries or\ndevice-private THP entries. e.g. when move_pages is called on a PMD THP\npage, then there maybe an intermediate state, where PMD entry acts as\na migration swap entry (pmd_present() is true). Then if an munmap\nhappens at the same time, then this VM_BUG_ON() can happen in\npmdp_huge_get_and_clear_full().\n\nThis patch fixes that.\n\nThread A: move_pages() syscall\n  add_folio_for_migration()\n    mmap_read_lock(mm)\n    folio_isolate_lru(folio)\n    mmap_read_unlock(mm)\n\n  do_move_pages_to_node()\n    migrate_pages()\n      try_to_migrate_one()\n        spin_lock(ptl)\n        set_pmd_migration_entry()\n          pmdp_invalidate()     # PMD: _PAGE_INVALID | _PAGE_PTE | pfn\n          set_pmd_at()          # PMD: migration swap entry (pmd_present=0)\n        spin_unlock(ptl)\n        [page copy phase]       # <--- RACE WINDOW -->\n\nThread B: munmap()\n  mmap_write_downgrade(mm)\n  unmap_vmas() -> zap_pmd_range()\n    zap_huge_pmd()\n      __pmd_trans_huge_lock()\n        pmd_is_huge():          # !pmd_present && !pmd_none -> TRUE (swap entry)\n        pmd_lock() -> \t\t# spin_lock(ptl), waits for Thread A to release ptl\n      pmdp_huge_get_and_clear_full()\n        VM_BUG_ON(!pmd_present(*pmdp))  # HITS!\n\n[  287.738700][ T1867] ------------[ cut here ]------------\n[  287.743843][ T1867] kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:187!\ncpu 0x0: Vector: 700 (Program Check) at [c00000044037f4f0]\n    pc: c000000000094ca4: pmdp_huge_get_and_clear_full+0x6c/0x23c\n    lr: c000000000645dec: zap_huge_pmd+0xb0/0x868\n    sp: c00000044037f790\n   msr: 800000000282b033\n  current = 0xc0000004032c1a00\n  paca    = 0xc000000004fe0000   irqmask: 0x03   irq_happened: 0x09\n    pid   = 1867, comm = a.out\nkernel BUG at :187!\nLinux version 6.19.0-12136-g14360d4f917c-dirty (powerpc64le-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #27 SMP PREEMPT Sun Feb 22 10:38:56 IST 2026\nenter ? for help\n[link register   ] c000000000645dec zap_huge_pmd+0xb0/0x868\n[c00000044037f790] c00000044037f7d0 (unreliable)\n[c00000044037f7d0] c000000000645dcc zap_huge_pmd+0x90/0x868\n[c00000044037f840] c0000000005724cc unmap_page_range+0x176c/0x1f40\n[c00000044037fa00] c000000000572ea0 unmap_vmas+0xb0/0x1d8\n[c00000044037fa90] c0000000005af254 unmap_region+0xb4/0x128\n[c00000044037fb50] c0000000005af400 vms_complete_munmap_vmas+0x138/0x310\n[c00000044037fbe0] c0000000005b0f1c do_vmi_align_munmap+0x1ec/0x238\n[c00000044037fd30] c0000000005b3688 __vm_munmap+0x170/0x1f8\n[c00000044037fdf0] c000000000587f74 sys_munmap+0x2c/0x40\n[c00000044037fe10] c000000000032668 system_call_exception+0x128/0x350\n[c00000044037fe50] c00000000000d05c system_call_vectored_common+0x15c/0x2ec\n---- Exception: 3000 (System Call Vectored) at 0000000010064a2c\nSP (7fff9b1ee9c0) is in userspace\n0:mon> zh\n\ncommit a30b48bf1b24 (\"mm/migrate_device: implement THP migration of zone device pages\"),\nenabled migration for device-private PMD entries. Hence this is one\nother path where this warning could get trigger from.\n\n ------------[ cut here ]------------\n WARNING: arch/powerpc/mm/book3s64/hash_pgtable.c:199 at hash__pmd_hugepage_update+0x48/0x284, CPU#3: hmm-tests/1905\n Modules linked in: test_hmm\n CPU: 3 UID: 0 PID: 1905 Comm: hmm-tests Tainted: G    B   W    L   N  7.0.0-rc1-01438-g7e2f0ee7581c #21 PREEMPT\n Tainted: [B]=BAD_PAGE, [W]=WARN, [L]=SOFTLOCKUP, [N]=TEST\n Hardware name: IBM pSeries (emulated by qemu) POWER10 (architected) 0x801200 0xf000006 of:SLOF,git-ee03ae pSeries\n NIP [c000000000096b70] hash__pmd_hugepage_update+0x48/0x284\n LR [c000000000096e7c] hash__pmdp_huge_get_and_clear+0xd0/0xd4\n Call Trace:\n [c000000604707670] [c000000004e102b8] 0xc000000004e102b8 (unreliable)\n [c000000604707700] [c00000000064ec3c] set_pmd_migration_entry+0x414/0x498\n [c000000604707760] [c00000000063e5a4] migrate_vma_col\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/include/asm/book3s/64/pgtable.h","arch/powerpc/mm/book3s64/pgtable.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"75358ea359e7c0dfceb3c7b3d854570b4260cb7f","lessThan":"829367e55012c053738ebe7db20c4a90d6609ece","versionType":"git","status":"affected"},{"version":"75358ea359e7c0dfceb3c7b3d854570b4260cb7f","lessThan":"bbcbf045d6c778e82b47a35fc8728387708e9a3d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/include/asm/book3s/64/pgtable.h","arch/powerpc/mm/book3s64/pgtable.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.8","status":"affected"},{"version":"0","lessThan":"5.8","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/829367e55012c053738ebe7db20c4a90d6609ece","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bbcbf045d6c778e82b47a35fc8728387708e9a3d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53109","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.230","lastModified":"2026-06-24T17:17:25.230","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pgtable-frag: Fix bad page state in pte_frag_destroy\n\npowerpc uses pt_frag_refcount as a reference counter for tracking it's\npte and pmd page table fragments. For PTE table, in case of Hash with\n64K pagesize, we have 16 fragments of 4K size in one 64K page.\n\nPatch series [1] \"mm: free retracted page table by RCU\"\nadded pte_free_defer() to defer the freeing of PTE tables when\nretract_page_tables() is called for madvise MADV_COLLAPSE on shmem\nrange.\n[1]: https://lore.kernel.org/all/7cd843a9-aa80-14f-5eb2-33427363c20@google.com/\n\npte_free_defer() sets the active flag on the corresponding fragment's\nfolio & calls pte_fragment_free(), which reduces the pt_frag_refcount.\nWhen pt_frag_refcount reaches 0 (no active fragment using the folio), it\nchecks if the folio active flag is set, if set, it calls call_rcu to\nfree the folio, it the active flag is unset then it calls pte_free_now().\n\nNow, this can lead to following problem in a corner case...\n\n[  265.351553][  T183] BUG: Bad page state in process a.out  pfn:20d62\n[  265.353555][  T183] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20d62\n[  265.355457][  T183] flags: 0x3ffff800000100(active|node=0|zone=0|lastcpupid=0x7ffff)\n[  265.358719][  T183] raw: 003ffff800000100 0000000000000000 5deadbeef0000122 0000000000000000\n[  265.360177][  T183] raw: 0000000000000000 c0000000119caf58 00000000ffffffff 0000000000000000\n[  265.361438][  T183] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n[  265.362572][  T183] Modules linked in:\n[  265.364622][  T183] CPU: 0 UID: 0 PID: 183 Comm: a.out Not tainted 6.18.0-rc3-00141-g1ddeaaace7ff-dirty #53 VOLUNTARY\n[  265.364785][  T183] Hardware name: IBM pSeries (emulated by qemu) POWER10 (architected) 0x801200 0xf000006 of:SLOF,git-ee03ae pSeries\n[  265.364908][  T183] Call Trace:\n[  265.364955][  T183] [c000000011e6f7c0] [c000000001cfaa18] dump_stack_lvl+0x130/0x148 (unreliable)\n[  265.365202][  T183] [c000000011e6f7f0] [c000000000794758] bad_page+0xb4/0x1c8\n[  265.365384][  T183] [c000000011e6f890] [c00000000079c020] __free_frozen_pages+0x838/0xd08\n[  265.365554][  T183] [c000000011e6f980] [c0000000000a70ac] pte_frag_destroy+0x298/0x310\n[  265.365729][  T183] [c000000011e6fa30] [c0000000000aa764] arch_exit_mmap+0x34/0x218\n[  265.365912][  T183] [c000000011e6fa80] [c000000000751698] exit_mmap+0xb8/0x820\n[  265.366080][  T183] [c000000011e6fc30] [c0000000001b1258] __mmput+0x98/0x300\n[  265.366244][  T183] [c000000011e6fc80] [c0000000001c81f8] do_exit+0x470/0x1508\n[  265.366421][  T183] [c000000011e6fd70] [c0000000001c95e4] do_group_exit+0x88/0x148\n[  265.366602][  T183] [c000000011e6fdc0] [c0000000001c96ec] pid_child_should_wake+0x0/0x178\n[  265.366780][  T183] [c000000011e6fdf0] [c00000000003a270] system_call_exception+0x1b0/0x4e0\n[  265.366958][  T183] [c000000011e6fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec\n\nThe bad page state error occurs when such a folio gets freed (with\nactive flag set), from do_exit() path in parallel.\n\n... this can happen when the pte fragment was allocated from this folio,\nbut when all the fragments get freed, the pte_frag_refcount still had some\nunused fragments. Now, if this process exits, with such folio as it's cached\npte_frag in mm->context, then during pte_frag_destroy(), we simply call\npagetable_dtor() and pagetable_free(), meaning it doesn't clear the\nactive flag. This, can lead to the above bug. Since we are anyway in\ndo_exit() path, then if the refcount is 0, then I guess it should be\nok to simply clear the folio active flag before calling pagetable_dtor()\n& pagetable_free()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/mm/pgtable-frag.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"32cc0b7c9d508efde8946a82eb3c4acfa8dfed15","lessThan":"c8b710655012a2993a9567873fb71a8a51f8459c","versionType":"git","status":"affected"},{"version":"32cc0b7c9d508efde8946a82eb3c4acfa8dfed15","lessThan":"a32db6fca3c74b4eb8bae5470f0680deb4cbac6f","versionType":"git","status":"affected"},{"version":"32cc0b7c9d508efde8946a82eb3c4acfa8dfed15","lessThan":"fda4d71651f71c44b35829d13f3c8bf920032f77","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/mm/pgtable-frag.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/a32db6fca3c74b4eb8bae5470f0680deb4cbac6f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c8b710655012a2993a9567873fb71a8a51f8459c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fda4d71651f71c44b35829d13f3c8bf920032f77","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53111","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.453","lastModified":"2026-06-24T17:17:25.453","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap\n\nThe bpf_lwt_xmit_push_encap helper needs to access skb_dst(skb)->dev to\ncalculate the needed headroom:\n\n\terr = skb_cow_head(skb,\n\t\t\t   len + LL_RESERVED_SPACE(skb_dst(skb)->dev));\n\nBut skb->_skb_refdst may not be initialized when the skb is set up by\nbpf_prog_test_run_skb function. Executing bpf_lwt_push_ip_encap function\nin this scenario will trigger null pointer dereference, causing a kernel\ncrash as Yinhao reported:\n\n[  105.186365] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  105.186382] #PF: supervisor read access in kernel mode\n[  105.186388] #PF: error_code(0x0000) - not-present page\n[  105.186393] PGD 121d3d067 P4D 121d3d067 PUD 106c83067 PMD 0\n[  105.186404] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[  105.186412] CPU: 3 PID: 3250 Comm: poc Kdump: loaded Not tainted 6.19.0-rc5 #1\n[  105.186423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  105.186427] RIP: 0010:bpf_lwt_push_ip_encap+0x1eb/0x520\n[  105.186443] Code: 0f 84 de 01 00 00 0f b7 4a 04 66 85 c9 0f 85 47 01 00 00 31 c0 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8b 73 58 48 83 e6 fe <48> 8b 36 0f b7 be ec 00 00 00 0f b7 b6 e6 00 00 00 01 fe 83 e6 f0\n[  105.186449] RSP: 0018:ffffbb0e0387bc50 EFLAGS: 00010246\n[  105.186455] RAX: 000000000000004e RBX: ffff94c74e036500 RCX: ffff94c74874da00\n[  105.186460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff94c74e036500\n[  105.186463] RBP: 0000000000000001 R08: 0000000000000002 R09: 0000000000000000\n[  105.186467] R10: ffffbb0e0387bd50 R11: 0000000000000000 R12: ffffbb0e0387bc98\n[  105.186471] R13: 0000000000000014 R14: 0000000000000000 R15: 0000000000000002\n[  105.186484] FS:  00007f166aa4d680(0000) GS:ffff94c8b7780000(0000) knlGS:0000000000000000\n[  105.186490] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  105.186494] CR2: 0000000000000000 CR3: 000000015eade001 CR4: 0000000000770ee0\n[  105.186499] PKRU: 55555554\n[  105.186502] Call Trace:\n[  105.186507]  <TASK>\n[  105.186513]  bpf_lwt_xmit_push_encap+0x2b/0x40\n[  105.186522]  bpf_prog_a75eaad51e517912+0x41/0x49\n[  105.186536]  ? kvm_clock_get_cycles+0x18/0x30\n[  105.186547]  ? ktime_get+0x3c/0xa0\n[  105.186554]  bpf_test_run+0x195/0x320\n[  105.186563]  ? bpf_test_run+0x10f/0x320\n[  105.186579]  bpf_prog_test_run_skb+0x2f5/0x4f0\n[  105.186590]  __sys_bpf+0x69c/0xa40\n[  105.186603]  __x64_sys_bpf+0x1e/0x30\n[  105.186611]  do_syscall_64+0x59/0x110\n[  105.186620]  entry_SYSCALL_64_after_hwframe+0x76/0xe0\n[  105.186649] RIP: 0033:0x7f166a97455d\n\nTemporarily add the setting of skb->_skb_refdst before bpf_test_run to resolve the issue."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bpf/test_run.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"52f278774e796a553be0c869dcaaee6f259ca795","lessThan":"5c8d1f91fc4898d79f29d79c1a6f7c2b3ee66fb0","versionType":"git","status":"affected"},{"version":"52f278774e796a553be0c869dcaaee6f259ca795","lessThan":"c7ad31fb948fdd4905263f4324160682c3fa7bc6","versionType":"git","status":"affected"},{"version":"52f278774e796a553be0c869dcaaee6f259ca795","lessThan":"599905c3f10bb83e6e6881d5a7f5cea5df07dc23","versionType":"git","status":"affected"},{"version":"52f278774e796a553be0c869dcaaee6f259ca795","lessThan":"5500913516e071dbe23e5a404c861dd2d82c9589","versionType":"git","status":"affected"},{"version":"52f278774e796a553be0c869dcaaee6f259ca795","lessThan":"94f95328b9070909b5b875c647b17a11d3d85567","versionType":"git","status":"affected"},{"version":"52f278774e796a553be0c869dcaaee6f259ca795","lessThan":"972787479ee73006fddb5e59ab5c8e733810ff42","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bpf/test_run.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/5500913516e071dbe23e5a404c861dd2d82c9589","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/599905c3f10bb83e6e6881d5a7f5cea5df07dc23","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5c8d1f91fc4898d79f29d79c1a6f7c2b3ee66fb0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/94f95328b9070909b5b875c647b17a11d3d85567","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/972787479ee73006fddb5e59ab5c8e733810ff42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c7ad31fb948fdd4905263f4324160682c3fa7bc6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53112","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.583","lastModified":"2026-06-24T17:17:25.583","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet\n\nThe irq_prepare_bcn_tasklet is initialized in rtl_pci_init() and\nscheduled when RTL_IMR_BCNINT interrupt is triggered by hardware.\nBut it is never killed in rtl_pci_deinit(). When the rtlwifi card\nprobe fails or is being detached, the ieee80211_hw is deallocated.\nHowever, irq_prepare_bcn_tasklet may still be running or pending,\nleading to use-after-free when the freed ieee80211_hw is accessed\nin _rtl_pci_prepare_bcn_tasklet().\n\nSimilar to irq_tasklet, add tasklet_kill() in rtl_pci_deinit() to\nensure that irq_prepare_bcn_tasklet is properly terminated before\nthe ieee80211_hw is released.\n\nThe issue was identified through static analysis."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/realtek/rtlwifi/pci.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"ae10d4a1ab6bcaa1336abb171908a9a365761d3e","versionType":"git","status":"affected"},{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"fac1079e0fdec6df6d7562c21941587236dc3def","versionType":"git","status":"affected"},{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"e40873820c9d245ce482faa7ad514ebdb3b8d23d","versionType":"git","status":"affected"},{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"008c456b76e9070979bc0e763897a5d3b0fdd4dc","versionType":"git","status":"affected"},{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"7731b67bd59d1284d150cbe40a47e95a10613234","versionType":"git","status":"affected"},{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"aa10a452e34810987fb9f4a047995b30003fb53f","versionType":"git","status":"affected"},{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"3c0e8a3179e6325a7dc6ce221aef0e03d854ab4b","versionType":"git","status":"affected"},{"version":"0c8173385e549f95cd80c3fff5aab87b4f881d8d","lessThan":"039cd522dc70151da13329a5e3ae19b1736f468a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/realtek/rtlwifi/pci.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.38","status":"affected"},{"version":"0","lessThan":"2.6.38","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/008c456b76e9070979bc0e763897a5d3b0fdd4dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/039cd522dc70151da13329a5e3ae19b1736f468a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3c0e8a3179e6325a7dc6ce221aef0e03d854ab4b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7731b67bd59d1284d150cbe40a47e95a10613234","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/aa10a452e34810987fb9f4a047995b30003fb53f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ae10d4a1ab6bcaa1336abb171908a9a365761d3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e40873820c9d245ce482faa7ad514ebdb3b8d23d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fac1079e0fdec6df6d7562c21941587236dc3def","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53113","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.700","lastModified":"2026-06-24T17:17:25.700","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leaks in beacon template setup\n\nThe functions ath11k_mac_setup_bcn_tmpl_ema() and\nath11k_mac_setup_bcn_tmpl_mbssid() allocate memory for beacon templates\nbut fail to free it when parameter setup returns an error.\n\nSince beacon templates must be released during normal execution, they\nmust also be released in the error handling paths to prevent memory\nleaks.\n\nFix this by using unified exit paths with proper cleanup in the respective\nerror paths.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/ath/ath11k/mac.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"335a92765d308dfe22826f5562cd4b4389b45e71","lessThan":"5d63aa38d5ca85206d9699ffdd616b58780dba07","versionType":"git","status":"affected"},{"version":"335a92765d308dfe22826f5562cd4b4389b45e71","lessThan":"ff49eba595df500e4ddccc593088c8a4ab5f2c27","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/ath/ath11k/mac.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/5d63aa38d5ca85206d9699ffdd616b58780dba07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ff49eba595df500e4ddccc593088c8a4ab5f2c27","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53114","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.797","lastModified":"2026-06-24T17:17:25.797","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler\n\nCalling perf_allow_kernel() from the NMI context is unsafe and could be\nfatal. Capture the permission at event-initialization time by storing it\nin event->hw.flags, and have the NMI handler rely on that cached flag\ninstead of making the call directly."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/events/amd/ibs.c","arch/x86/events/perf_event_flags.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"50a53b60e141d7e31368a87e222e4dd5597bd4ae","lessThan":"2783ed2442ce69ae240b787aee6dae801cef7aec","versionType":"git","status":"affected"},{"version":"50a53b60e141d7e31368a87e222e4dd5597bd4ae","lessThan":"0584e74fa2b27e9e722cfb5b579f79263df20040","versionType":"git","status":"affected"},{"version":"50a53b60e141d7e31368a87e222e4dd5597bd4ae","lessThan":"b0a09142622a994c4f4088c3f61db5da87cfc711","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/events/amd/ibs.c","arch/x86/events/perf_event_flags.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0584e74fa2b27e9e722cfb5b579f79263df20040","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2783ed2442ce69ae240b787aee6dae801cef7aec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b0a09142622a994c4f4088c3f61db5da87cfc711","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53115","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.890","lastModified":"2026-06-24T17:17:25.890","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/bus/fsl-mc/fsl-mc-bus.c","drivers/vfio/fsl-mc/vfio_fsl_mc.c","include/linux/fsl/mc.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"4911b836f35c034c36f102db4ecbe339b38e7d1d","versionType":"git","status":"affected"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"8139ce66b52a4a5638bfb445b037c07d4abeb08e","versionType":"git","status":"affected"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"60bfb563a399c4597dc80588a1109758a8908b97","versionType":"git","status":"affected"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"6c8dfb0362732bf1e4829867a2a5239fedc592d0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/bus/fsl-mc/fsl-mc-bus.c","drivers/vfio/fsl-mc/vfio_fsl_mc.c","include/linux/fsl/mc.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/4911b836f35c034c36f102db4ecbe339b38e7d1d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/60bfb563a399c4597dc80588a1109758a8908b97","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6c8dfb0362732bf1e4829867a2a5239fedc592d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8139ce66b52a4a5638bfb445b037c07d4abeb08e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53116","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:25.993","lastModified":"2026-06-24T17:17:25.993","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: use generic driver_override infrastructure\n\nWhen the AP masks are updated via apmask_store() or aqmask_store(),\nap_bus_revise_bindings() is called after ap_attr_mutex has been\nreleased.\n\nThis calls __ap_revise_reserved(), which accesses the driver_override\nfield without holding any lock, racing against a concurrent\ndriver_override_store() that may free the old string, resulting in a\npotential UAF.\n\nFix this by using the driver-core driver_override infrastructure, which\nprotects all accesses with an internal spinlock.\n\nNote that unlike most other buses, the AP bus does not check\ndriver_override in its match() callback; the override is checked in\nap_device_probe() and __ap_revise_reserved() instead.\n\nAlso note that we do not enable the driver_override feature of struct\nbus_type, as AP - in contrast to most other buses - passes \"\" to\nsysfs_emit() when the driver_override pointer is NULL. Thus, printing\n\"\\n\" instead of \"(null)\\n\".\n\nAdditionally, AP has a custom counter that is modified in the\ncorresponding custom driver_override_store()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/s390/crypto/ap_bus.c","drivers/s390/crypto/ap_bus.h","drivers/s390/crypto/ap_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d38a87d7c0643db61e7a3bfc3ebeea2dc2568f7e","lessThan":"8f2eca0570438b94602da1297353eb7b10dcb6cb","versionType":"git","status":"affected"},{"version":"d38a87d7c0643db61e7a3bfc3ebeea2dc2568f7e","lessThan":"81d6f7c3a70b10ff757ee8b5f8114a190871cf1e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/s390/crypto/ap_bus.c","drivers/s390/crypto/ap_bus.h","drivers/s390/crypto/ap_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/81d6f7c3a70b10ff757ee8b5f8114a190871cf1e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8f2eca0570438b94602da1297353eb7b10dcb6cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53117","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:26.090","lastModified":"2026-06-24T17:17:26.090","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/s390/cio/cio.h","drivers/s390/cio/css.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ebc3d179150347f3b6d97d8f249378bb2218f95e","lessThan":"c4295487124f461405e1ef64dfa8c4ab0cb7ebcf","versionType":"git","status":"affected"},{"version":"ebc3d179150347f3b6d97d8f249378bb2218f95e","lessThan":"106d594711e97762788046c5bbb94f580abc4bf4","versionType":"git","status":"affected"},{"version":"ebc3d179150347f3b6d97d8f249378bb2218f95e","lessThan":"2081957d8c323ffb58a10bc64837717ac5a042a1","versionType":"git","status":"affected"},{"version":"ebc3d179150347f3b6d97d8f249378bb2218f95e","lessThan":"b660ba045b2b22cf3b4be72773de00cb48f47be5","versionType":"git","status":"affected"},{"version":"ebc3d179150347f3b6d97d8f249378bb2218f95e","lessThan":"ac4d8bb6e2e13e8684a76ea48d13ebaaaf5c24c4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/s390/cio/cio.h","drivers/s390/cio/css.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/106d594711e97762788046c5bbb94f580abc4bf4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2081957d8c323ffb58a10bc64837717ac5a042a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ac4d8bb6e2e13e8684a76ea48d13ebaaaf5c24c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b660ba045b2b22cf3b4be72773de00cb48f47be5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c4295487124f461405e1ef64dfa8c4ab0cb7ebcf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53118","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:26.190","lastModified":"2026-06-24T17:17:26.190","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/vdpa/vdpa.c","include/linux/vdpa.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"539fec78edb4e084e7c532affc56cc42d4ceea4b","lessThan":"654ef9c33e138ede6734ac286282df9faf83cd11","versionType":"git","status":"affected"},{"version":"539fec78edb4e084e7c532affc56cc42d4ceea4b","lessThan":"fb5cb4913ce333cc4647722e8c2b8378e12f2464","versionType":"git","status":"affected"},{"version":"539fec78edb4e084e7c532affc56cc42d4ceea4b","lessThan":"85bb534ff12aab6916058897b39c748940a7a4c6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/vdpa/vdpa.c","include/linux/vdpa.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/654ef9c33e138ede6734ac286282df9faf83cd11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/85bb534ff12aab6916058897b39c748940a7a4c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fb5cb4913ce333cc4647722e8c2b8378e12f2464","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53119","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:26.283","lastModified":"2026-06-24T17:17:26.283","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/wmi: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/platform/wmi/core.c","include/linux/wmi.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"12046f8c77e0ed6d41beabde0edbb729499c970b","lessThan":"13d201bd840d2e2a645ef899f81342cd27ced346","versionType":"git","status":"affected"},{"version":"12046f8c77e0ed6d41beabde0edbb729499c970b","lessThan":"2c5507010fc3b8e2bd596c63c88f6ad39a69b1c4","versionType":"git","status":"affected"},{"version":"12046f8c77e0ed6d41beabde0edbb729499c970b","lessThan":"4dc755d86deed88789540d960e421124bad4c568","versionType":"git","status":"affected"},{"version":"12046f8c77e0ed6d41beabde0edbb729499c970b","lessThan":"8a700b1fc94df4d847a04f14ebc7f8532592b367","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/platform/wmi/core.c","include/linux/wmi.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/13d201bd840d2e2a645ef899f81342cd27ced346","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2c5507010fc3b8e2bd596c63c88f6ad39a69b1c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4dc755d86deed88789540d960e421124bad4c568","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8a700b1fc94df4d847a04f14ebc7f8532592b367","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53120","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:26.380","lastModified":"2026-06-24T17:17:26.380","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pci/pci-driver.c","drivers/pci/pci-sysfs.c","drivers/pci/probe.c","drivers/vfio/pci/vfio_pci_core.c","drivers/xen/xen-pciback/pci_stub.c","include/linux/pci.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"782a985d7af26db39e86070d28f987cad21313c0","lessThan":"dfe950d9464cad609f3b118c6203e2708055bc61","versionType":"git","status":"affected"},{"version":"782a985d7af26db39e86070d28f987cad21313c0","lessThan":"58a42be0d70307d765594fc581f5f5e5ef059712","versionType":"git","status":"affected"},{"version":"782a985d7af26db39e86070d28f987cad21313c0","lessThan":"c5b2c5755495507e14f310c2653c85de0a309b1f","versionType":"git","status":"affected"},{"version":"782a985d7af26db39e86070d28f987cad21313c0","lessThan":"10a4206a24013be4d558d476010cbf2eb4c9fa64","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pci/pci-driver.c","drivers/pci/pci-sysfs.c","drivers/pci/probe.c","drivers/vfio/pci/vfio_pci_core.c","drivers/xen/xen-pciback/pci_stub.c","include/linux/pci.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.16","status":"affected"},{"version":"0","lessThan":"3.16","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/10a4206a24013be4d558d476010cbf2eb4c9fa64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/58a42be0d70307d765594fc581f5f5e5ef059712","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c5b2c5755495507e14f310c2653c85de0a309b1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dfe950d9464cad609f3b118c6203e2708055bc61","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53121","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:26.473","lastModified":"2026-06-24T17:17:26.473","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\namd-pstate: Fix memory leak in amd_pstate_epp_cpu_init()\n\nOn failure to set the epp, the function amd_pstate_epp_cpu_init()\nreturns with an error code without freeing the cpudata object that was\nallocated at the beginning of the function.\n\nEnsure that the cpudata object is freed before returning from the\nfunction.\n\nThis memory leak was discovered by Claude Opus 4.6 with the aid of\nChris Mason's AI review-prompts\n(https://github.com/masoncl/review-prompts/tree/main/kernel)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/cpufreq/amd-pstate.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f9a378ff6443cdcd4387e5dbb76fa5fa549a83ec","lessThan":"539aabbab190825c77eb455ec35652cb3720625f","versionType":"git","status":"affected"},{"version":"f9a378ff6443cdcd4387e5dbb76fa5fa549a83ec","lessThan":"7f9aa2359742eaa6ea65ec0d20dafdfd0add9b8b","versionType":"git","status":"affected"},{"version":"f9a378ff6443cdcd4387e5dbb76fa5fa549a83ec","lessThan":"beda3b363546a423e4e29a7395e04c0ac4ff677e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/cpufreq/amd-pstate.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/539aabbab190825c77eb455ec35652cb3720625f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7f9aa2359742eaa6ea65ec0d20dafdfd0add9b8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/beda3b363546a423e4e29a7395e04c0ac4ff677e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53122","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:26.573","lastModified":"2026-06-24T17:17:26.573","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock between reflink and transaction commit when using flushoncommit\n\nWhen using the flushoncommit mount option, we can have a deadlock between\na transaction commit and a reflink operation that copied an inline extent\nto an offset beyond the current i_size of the destination node.\n\nThe deadlock happens like this:\n\n1) Task A clones an inline extent from inode X to an offset of inode Y\n   that is beyond Y's current i_size. This means we copied the inline\n   extent's data to a folio of inode Y that is beyond its EOF, using a\n   call to copy_inline_to_page();\n\n2) Task B starts a transaction commit and calls\n   btrfs_start_delalloc_flush() to flush delalloc;\n\n3) The delalloc flushing sees the new dirty folio of inode Y and when it\n   attempts to flush it, it ends up at extent_writepage() and sees that\n   the offset of the folio is beyond the i_size of inode Y, so it attempts\n   to invalidate the folio by calling folio_invalidate(), which ends up at\n   btrfs' folio invalidate callback - btrfs_invalidate_folio(). There it\n   tries to lock the folio's range in inode Y's extent io tree, but it\n   blocks since it's currently locked by task A - during a reflink we lock\n   the inodes and the source and destination ranges after flushing all\n   delalloc and waiting for ordered extent completion - after that we\n   don't expect to have dirty folios in the ranges, the exception is if\n   we have to copy an inline extent's data (because the destination offset\n   is not zero);\n\n4) Task A then attempts to start a transaction to update the inode item,\n   and then it's blocked since the current transaction is in the\n   TRANS_STATE_COMMIT_START state. Therefore task A has to wait for the\n   current transaction to become unblocked (its state >=\n   TRANS_STATE_UNBLOCKED).\n\n   So task A is waiting for the transaction commit done by task B, and\n   the later waiting on the extent lock of inode Y that is currently\n   held by task A.\n\nSyzbot recently reported this with the following stack traces:\n\n  INFO: task kworker/u8:7:1053 blocked for more than 143 seconds.\n        Not tainted syzkaller #0\n  \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n  task:kworker/u8:7    state:D stack:23520 pid:1053  tgid:1053  ppid:2      task_flags:0x4208060 flags:0x00080000\n  Workqueue: writeback wb_workfn (flush-btrfs-46)\n  Call Trace:\n   <TASK>\n   context_switch kernel/sched/core.c:5298 [inline]\n   __schedule+0x1553/0x5240 kernel/sched/core.c:6911\n   __schedule_loop kernel/sched/core.c:6993 [inline]\n   schedule+0x164/0x360 kernel/sched/core.c:7008\n   wait_extent_bit fs/btrfs/extent-io-tree.c:811 [inline]\n   btrfs_lock_extent_bits+0x59c/0x700 fs/btrfs/extent-io-tree.c:1914\n   btrfs_lock_extent fs/btrfs/extent-io-tree.h:152 [inline]\n   btrfs_invalidate_folio+0x43d/0xc40 fs/btrfs/inode.c:7704\n   extent_writepage fs/btrfs/extent_io.c:1852 [inline]\n   extent_write_cache_pages fs/btrfs/extent_io.c:2580 [inline]\n   btrfs_writepages+0x12ff/0x2440 fs/btrfs/extent_io.c:2713\n   do_writepages+0x32e/0x550 mm/page-writeback.c:2554\n   __writeback_single_inode+0x133/0x11a0 fs/fs-writeback.c:1750\n   writeback_sb_inodes+0x995/0x19d0 fs/fs-writeback.c:2042\n   wb_writeback+0x456/0xb70 fs/fs-writeback.c:2227\n   wb_do_writeback fs/fs-writeback.c:2374 [inline]\n   wb_workfn+0x41a/0xf60 fs/fs-writeback.c:2414\n   process_one_work kernel/workqueue.c:3276 [inline]\n   process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359\n   worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440\n   kthread+0x388/0x470 kernel/kthread.c:436\n   ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n   </TASK>\n  INFO: task syz.4.64:6910 blocked for more than 143 seconds.\n        Not tainted syzkaller #0\n  \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n  task:syz.4.64        state:D stack:22752 pid:6910  tgid:\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/btrfs/reflink.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"05a5a7621ce66c142e081ffc24dd6ade6e912061","lessThan":"73be4a08306bb84f4d5d16f62cb80e1543109ffa","versionType":"git","status":"affected"},{"version":"05a5a7621ce66c142e081ffc24dd6ade6e912061","lessThan":"9a24f0000876b8755cf21972b41632f4d6f3dafb","versionType":"git","status":"affected"},{"version":"05a5a7621ce66c142e081ffc24dd6ade6e912061","lessThan":"6f0f9c0a368aa1fe078109091322d3b0632d9380","versionType":"git","status":"affected"},{"version":"05a5a7621ce66c142e081ffc24dd6ade6e912061","lessThan":"b48c980b6a7e409050bb3067165db31cc6205e3e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/btrfs/reflink.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/6f0f9c0a368aa1fe078109091322d3b0632d9380","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/73be4a08306bb84f4d5d16f62cb80e1543109ffa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9a24f0000876b8755cf21972b41632f4d6f3dafb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b48c980b6a7e409050bb3067165db31cc6205e3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53123","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:26.777","lastModified":"2026-06-24T17:17:26.777","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd: wake raid456 reshape waiters before suspend\n\nDuring raid456 reshape, direct IO across the reshape position can sleep\nin raid5_make_request() waiting for reshape progress while still\nholding an active_io reference. If userspace then freezes reshape and\nwrites md/suspend_lo or md/suspend_hi, mddev_suspend() kills active_io\nand waits for all in-flight IO to drain.\n\nThis can deadlock: the IO needs reshape progress to continue, but the\nreshape thread is already frozen, so the active_io reference is never\ndropped and suspend never completes.\n\nraid5_prepare_suspend() already wakes wait_for_reshape for dm-raid. Do\nthe same for normal md suspend when reshape is already interrupted, so\nwaiting raid456 IO can abort, drop its reference, and let suspend\nfinish.\n\nThe mdadm test tests/25raid456-reshape-deadlock reproduces the hang."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/md.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"714d20150ed85811193ae07a494d91f9927c590f","lessThan":"8b6a72420821e6da2cab6a69d5233500d2698b93","versionType":"git","status":"affected"},{"version":"714d20150ed85811193ae07a494d91f9927c590f","lessThan":"ff6b93410192b812d73cc54062529715b2dc849f","versionType":"git","status":"affected"},{"version":"714d20150ed85811193ae07a494d91f9927c590f","lessThan":"8ae3e14d7f3df58f7f49c02d74344e3dcd5f84f0","versionType":"git","status":"affected"},{"version":"714d20150ed85811193ae07a494d91f9927c590f","lessThan":"cf86bb53b9c92354904a328e947a05ffbfdd1840","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/md.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/8ae3e14d7f3df58f7f49c02d74344e3dcd5f84f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8b6a72420821e6da2cab6a69d5233500d2698b93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cf86bb53b9c92354904a328e947a05ffbfdd1840","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ff6b93410192b812d73cc54062529715b2dc849f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53124","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:27.387","lastModified":"2026-06-24T17:17:27.387","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nublk: reset per-IO canceled flag on each fetch\n\nIf a ublk server starts recovering devices but dies before issuing fetch\ncommands for all IOs, cancellation of the fetch commands that were\nsuccessfully issued may never complete. This is because the per-IO\ncanceled flag can remain set even after the fetch for that IO has been\nsubmitted - the per-IO canceled flags for all IOs in a queue are reset\ntogether only once all IOs for that queue have been fetched. So if a\nnonempty proper subset of the IOs for a queue are fetched when the ublk\nserver dies, the IOs in that subset will never successfully be canceled,\nas their canceled flags remain set, and this prevents ublk_cancel_cmd\nfrom actually calling io_uring_cmd_done on the commands, despite the\nfact that they are outstanding.\n\nFix this by resetting the per-IO cancel flags immediately when each IO\nis fetched instead of waiting for all IOs for the queue (which may never\nhappen)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/block/ublk_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"728cbac5fe219d3b8a21a0688a08f2b7f8aeda2b","lessThan":"63335e5a67d89bb7cb9b023bbb3785896587a648","versionType":"git","status":"affected"},{"version":"728cbac5fe219d3b8a21a0688a08f2b7f8aeda2b","lessThan":"0842186d2c4e67d2f8c8c2d1d779e8acffd41b5b","versionType":"git","status":"affected"},{"version":"42ea64e01c96e594fb4f80c54dfe4f934d008a6e","versionType":"git","status":"affected"},{"version":"6.14.6","lessThan":"6.15","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/block/ublk_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/0842186d2c4e67d2f8c8c2d1d779e8acffd41b5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/63335e5a67d89bb7cb9b023bbb3785896587a648","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53125","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:27.770","lastModified":"2026-06-24T17:17:27.770","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix array_state=clear sysfs deadlock\n\nWhen \"clear\" is written to array_state, md_attr_store() breaks sysfs\nactive protection so the array can delete itself from its own sysfs\nstore method.\n\nHowever, md_attr_store() currently drops the mddev reference before\ncalling sysfs_unbreak_active_protection(). Once do_md_stop(..., 0)\nhas made the mddev eligible for delayed deletion, the temporary\nkobject reference taken by sysfs_break_active_protection() can become\nthe last kobject reference protecting the md kobject.\n\nThat allows sysfs_unbreak_active_protection() to drop the last\nkobject reference from the current sysfs writer context. kobject\nteardown then recurses into kernfs removal while the current sysfs\nnode is still being unwound, and lockdep reports recursive locking on\nkn->active with kernfs_drain() in the call chain.\n\nReproducer on an existing level:\n1. Create an md0 linear array and activate it:\n   mknod /dev/md0 b 9 0\n   echo none > /sys/block/md0/md/metadata_version\n   echo linear > /sys/block/md0/md/level\n   echo 1 > /sys/block/md0/md/raid_disks\n   echo \"$(cat /sys/class/block/sdb/dev)\" > /sys/block/md0/md/new_dev\n   echo \"$(($(cat /sys/class/block/sdb/size) / 2))\" > \\\n\t/sys/block/md0/md/dev-sdb/size\n   echo 0 > /sys/block/md0/md/dev-sdb/slot\n   echo active > /sys/block/md0/md/array_state\n2. Wait briefly for the array to settle, then clear it:\n   sleep 2\n   echo clear > /sys/block/md0/md/array_state\n\nThe warning looks like:\n\n  WARNING: possible recursive locking detected\n  bash/588 is trying to acquire lock:\n  (kn->active#65) at __kernfs_remove+0x157/0x1d0\n  but task is already holding lock:\n  (kn->active#65) at sysfs_unbreak_active_protection+0x1f/0x40\n  ...\n  Call Trace:\n   kernfs_drain\n   __kernfs_remove\n   kernfs_remove_by_name_ns\n   sysfs_remove_group\n   sysfs_remove_groups\n   __kobject_del\n   kobject_put\n   md_attr_store\n   kernfs_fop_write_iter\n   vfs_write\n   ksys_write\n\nRestore active protection before mddev_put() so the extra sysfs\nkobject reference is dropped while the mddev is still held alive. The\nactual md kobject deletion is then deferred until after the sysfs\nwrite path has fully returned."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/md.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9e59d609763f70a992a8f3808dabcce60f14eb5c","lessThan":"62c44566da7493ee48ef17e8507bb798338a07cb","versionType":"git","status":"affected"},{"version":"9e59d609763f70a992a8f3808dabcce60f14eb5c","lessThan":"92ad0ec509ffb188d8f849b63148664df37b4a52","versionType":"git","status":"affected"},{"version":"9e59d609763f70a992a8f3808dabcce60f14eb5c","lessThan":"2aa72276fab9851dbd59c2daeb4b590c5a113908","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/md.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/2aa72276fab9851dbd59c2daeb4b590c5a113908","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/62c44566da7493ee48ef17e8507bb798338a07cb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/92ad0ec509ffb188d8f849b63148664df37b4a52","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53126","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:27.900","lastModified":"2026-06-24T17:17:27.900","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()\n\nAdd the missing put_disk() on the error path in\nblkcg_maybe_throttle_current(). When blkcg lookup, blkg lookup, or\nblkg_tryget() fails, the function jumps to the out label which only\ncalls rcu_read_unlock() but does not release the disk reference acquired\nby blkcg_schedule_throttle() via get_device(). Since current->throttle_disk\nis already set to NULL before the lookup, blkcg_exit() cannot release\nthis reference either, causing the disk to never be freed.\n\nRestore the reference release that was present as blk_put_queue() in the\noriginal code but was inadvertently dropped during the conversion from\nrequest_queue to gendisk."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["block/blk-cgroup.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f05837ed73d0c73e950b2d9f2612febb0d3d451e","lessThan":"4048ed98860d3785645ebbd34f69566a6c7320c3","versionType":"git","status":"affected"},{"version":"f05837ed73d0c73e950b2d9f2612febb0d3d451e","lessThan":"73a5af059905d171b398c8b2381632ee499948b5","versionType":"git","status":"affected"},{"version":"f05837ed73d0c73e950b2d9f2612febb0d3d451e","lessThan":"b3e005f16cd98f815429a87aef4c61e9c140779f","versionType":"git","status":"affected"},{"version":"f05837ed73d0c73e950b2d9f2612febb0d3d451e","lessThan":"000e8454692cab9d1f1b80130e2870e355301d06","versionType":"git","status":"affected"},{"version":"f05837ed73d0c73e950b2d9f2612febb0d3d451e","lessThan":"23308af722fefed00af5f238024c11710938fba3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["block/blk-cgroup.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/000e8454692cab9d1f1b80130e2870e355301d06","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/23308af722fefed00af5f238024c11710938fba3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4048ed98860d3785645ebbd34f69566a6c7320c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/73a5af059905d171b398c8b2381632ee499948b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b3e005f16cd98f815429a87aef4c61e9c140779f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-53127","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:28.253","lastModified":"2026-06-24T17:17:28.253","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix zones_cond memory leak on zone revalidation error paths\n\nWhen blk_revalidate_disk_zones() fails after disk_revalidate_zone_resources()\nhas allocated args.zones_cond, the memory is leaked because no error path\nfrees it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["block/blk-zoned.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6e945ffb6555705cf20b1fcdc21a139911562995","lessThan":"29153d128384fa7c48a8ca8d34094b1cbe2d5bdc","versionType":"git","status":"affected"},{"version":"6e945ffb6555705cf20b1fcdc21a139911562995","lessThan":"2a2f520fda824b5a25c93f2249578ea150c24e06","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["block/blk-zoned.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/29153d128384fa7c48a8ca8d34094b1cbe2d5bdc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2a2f520fda824b5a25c93f2249578ea150c24e06","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-54904","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T17:17:29.267","lastModified":"2026-06-26T19:26:46.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReference#update, which retries until compare_and_set(old_value, new_value) succeeds; Numeric compare_and_set, which checks old == old_value before attempting the underlying atomic swap.; and Ruby NaN semantics, where Float::NAN == Float::NAN is always false. As a result, once an AtomicReference contains Float::NAN, calling #update repeatedly evaluates the caller's block and never returns. In services that store externally derived numeric values in an AtomicReference, this can cause CPU exhaustion or permanent request/job hangs. This vulnerability is fixed in 1.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruby-concurrency","product":"concurrent-ruby","versions":[{"version":"< 1.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:19:55.812897Z","id":"CVE-2026-54904","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyconcurrency:concurrent_ruby:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.3.7","matchCriteriaId":"4BBFFB42-BEF4-4DF8-BAB8-4B728A8CA930"}]}]}],"references":[{"url":"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-h8w8-99g7-qmvj","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-h8w8-99g7-qmvj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54905","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T17:17:29.403","lastModified":"2026-06-26T20:01:00.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITE_LOCK_HELD. After 32,768 reentrant read acquisitions, the local read count crosses into the write-lock bit. try_write_lock then treats the thread as already holding a write lock and returns true without setting the global RUNNING_WRITER bit. This breaks the core mutual-exclusion guarantee: the caller is told it has a write lock, but other threads can still hold or acquire read locks at the same time. This vulnerability is fixed in 1.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruby-concurrency","product":"concurrent-ruby","versions":[{"version":"< 1.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T16:41:31.221708Z","id":"CVE-2026-54905","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-128"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyconcurrency:concurrent_ruby:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.3.7","matchCriteriaId":"4BBFFB42-BEF4-4DF8-BAB8-4B728A8CA930"}]}]}],"references":[{"url":"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-wv3x-4vxv-whpp","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-wv3x-4vxv-whpp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54906","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T17:17:29.550","lastModified":"2026-06-26T20:00:16.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still running. Concurrent::ReadWriteLock#release_read_lock also decrements the shared counter even when no read lock is held. Calling it on a fresh lock changes the counter from 0 to -1, after which normal read acquisition raises Concurrent::ResourceLimitError. This is a synchronization correctness issue in the public Concurrent::ReadWriteLock API. This vulnerability is fixed in 1.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruby-concurrency","product":"concurrent-ruby","versions":[{"version":"< 1.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T17:56:44.670673Z","id":"CVE-2026-54906","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-414"},{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyconcurrency:concurrent_ruby:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.3.7","matchCriteriaId":"4BBFFB42-BEF4-4DF8-BAB8-4B728A8CA930"}]}]}],"references":[{"url":"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-6wx8-w4f5-wwcr","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/ruby-concurrency/concurrent-ruby/security/advisories/GHSA-6wx8-w4f5-wwcr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-44022","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:17.593","lastModified":"2026-06-26T19:58:04.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \\includegraphics, \\input, and \\include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences to read arbitrary files from the file system accessible to the process, include sensitive files in the converted document output, or potentially access configuration files, credentials, or other sensitive data This vulnerability is fixed in 2.91.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"docling-project","product":"docling","versions":[{"version":">= 2.73.0, < 2.91.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:17:46.252428Z","id":"CVE-2026-44022","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:docling:docling:*:*:*:*:*:python:*:*","versionStartIncluding":"2.73.0","versionEndExcluding":"2.91.0","matchCriteriaId":"DDA643FB-5BC0-4CE7-95D9-3F010EA3D49F"}]}]}],"references":[{"url":"https://github.com/docling-project/docling/releases/tag/v2.91.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/docling-project/docling/security/advisories/GHSA-2j5p-7p5m-cvqr","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48703","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:17.723","lastModified":"2026-06-25T14:29:49.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations build shell command strings from Agent-controlled inputs (search text, paths, glob patterns) and execute them in the active terminal session. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2025.04.09.08.11.stable_00, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:28:49.401990Z","id":"CVE-2026-48703","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/43f4f483e0c2dd253d2aaa8a495b2d71f0208c40","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-8r78-7jwh-m6hm","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48704","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:17.853","lastModified":"2026-06-25T14:29:49.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal rendered content. If a user opens the Markdown in Warp and clicks the link, affected builds may route the resolved local file to a platform file opener instead of limiting the action to safe viewer/editor targets. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2023.10.24.08.03.stable_00, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T17:57:32.306645Z","id":"CVE-2026-48704","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/7f0c4dd2322198f1b39890f8e6bcdc606c6a3c74","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-589x-4mxh-jcrf","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48719","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:17.983","lastModified":"2026-06-25T14:29:49.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by the victim's shell if the victim selects that branch from the UI. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2025.08.06.08.12.stable_00, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:03:06.614295Z","id":"CVE-2026-48719","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/4295ec08d01912fe355351547e541277f29288cd","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-hgvx-4xvm-39pw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48720","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:18.130","lastModified":"2026-06-25T20:17:12.653","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2025.03.05.08.02.stable_00, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:56:00.076148Z","id":"CVE-2026-48720","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/f3b9ce1c8fd13d037526c447418d809087722daa","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-5h96-jrrq-6hxq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48721","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:18.283","lastModified":"2026-06-25T18:16:38.210","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety boundary for commands that should require confirmation. Because command strings were checked before canonicalizing leading environment-variable assignments, an attacker who can influence the agent's command output may cause denylisted commands to be treated as non-denylisted. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2025.10.08.08.12.stable_00, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:06:00.971042Z","id":"CVE-2026-48721","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-180"},{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/0c1e243292c642d9a7748f80813b6fdfc0b31a9e","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-3839-h8jj-ph82","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48725","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:18.413","lastModified":"2026-06-25T14:29:49.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step. This crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2021.04.25.23.05.stable_00, < v0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:18:57.634899Z","id":"CVE-2026-48725","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/b1a41d0b1aba9f40db1e5ceb695183452a894003","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-wgqj-4c26-7c4g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48731","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:18.547","lastModified":"2026-06-25T14:29:49.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user who opens an attacker-controlled local file path through an affected external editor or system-default editor route can cause shell syntax embedded in that path to execute as the local user. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2024.02.20.08.01.stable_01, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:12:40.501473Z","id":"CVE-2026-48731","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/861dacea2683f2fe263c3c3a1381c3cbb2b66809","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-7xgc-mhc8-g7wc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48732","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:18.670","lastModified":"2026-06-25T14:29:49.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for SSH-backed metadata collection. A remote host, repository, or directory name controlled by an attacker could cause that helper command to execute additional shell syntax on the remote host as the victim's authenticated SSH account. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2023.03.21.08.02.stable_00, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T17:58:22.210435Z","id":"CVE-2026-48732","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/88c344e2de662a935f0ef0896458494ef2413add","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-qqpc-wvvw-4269","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48789","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:18.800","lastModified":"2026-06-25T18:56:54.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style \"../\" traversal but does not reject Windows-style parent paths returned by path.relative(), such as \"..\". This vulnerability is fixed in 1.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Mintplex-Labs","product":"anything-llm","versions":[{"version":"< 1.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:54:11.842373Z","id":"CVE-2026-48789","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-j4m9-wwcq-m868","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54686","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:19.067","lastModified":"2026-06-25T18:16:40.223","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An attacker who could cause a victim to view attacker-controlled terminal output in Warp could spoof selected lifecycle metadata, including the current working directory reported for the active block or SSH session transport metadata. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:04:59.234400Z","id":"CVE-2026-54686","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/32d21d15c9a3da1a923d1ed66226cf5cba081d16","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/commit/51bd3267803c5cc0a45074fa19fd50162be7c917","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-9w2v-jhww-vm85","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54699","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:19.187","lastModified":"2026-06-25T14:29:49.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"warpdotdev","product":"warp","versions":[{"version":">= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:18:26.007037Z","id":"CVE-2026-54699","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e","source":"security-advisories@github.com"},{"url":"https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55611","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T18:17:19.443","lastModified":"2026-06-25T18:56:54.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow still deletes the target file by primary key only, with no ownership check, inside two finally{} blocks that run even when the ownership-checked read fails. As a result a manager or admin (multi-user mode) can delete any other user's parsed file in any workspace — including workspaces they are not a member of — by enumerating integer fileIds. The server even returns \"File not found\" while still deleting the file. This vulnerability is fixed in 1.14.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Mintplex-Labs","product":"anything-llm","versions":[{"version":"< 1.14.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":0.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:30:51.957851Z","id":"CVE-2026-55611","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/Mintplex-Labs/anything-llm/commit/34a42a33eaafe78b1e4020995ce8e9fd34d26c65","source":"security-advisories@github.com"},{"url":"https://github.com/Mintplex-Labs/anything-llm/commit/683fe3dfdc74b6d94c445a25bb0f2f218665a4c6","source":"security-advisories@github.com"},{"url":"https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-r872-gr59-vf5w","source":"security-advisories@github.com"},{"url":"https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-r872-gr59-vf5w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-13021","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:08.367","lastModified":"2026-06-26T02:19:15.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:26:57.003812Z","id":"CVE-2026-13021","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/511776603","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13023","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:08.567","lastModified":"2026-06-26T02:17:49.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:27:55.210603Z","id":"CVE-2026-13023","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-457"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517080836","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13024","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:08.677","lastModified":"2026-06-26T02:12:22.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:28:51.913864Z","id":"CVE-2026-13024","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517148260","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13025","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:08.770","lastModified":"2026-06-26T02:12:14.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13025","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/518043569","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13026","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:08.867","lastModified":"2026-06-26T02:12:05.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13026","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/519728279","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13027","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:08.963","lastModified":"2026-06-26T02:11:50.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/520543781","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13028","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.073","lastModified":"2026-06-26T02:11:29.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13028","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/520656244","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13029","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.193","lastModified":"2026-06-25T18:12:53.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13029","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/521495992","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13030","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.297","lastModified":"2026-06-25T18:12:41.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:30:51.457655Z","id":"CVE-2026-13030","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-457"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/522840723","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13031","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.390","lastModified":"2026-06-25T18:12:24.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13031","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523308824","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13032","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.483","lastModified":"2026-06-25T18:12:08.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13032","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523591974","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13033","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.577","lastModified":"2026-06-25T18:11:42.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13033","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523677844","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13034","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.673","lastModified":"2026-06-25T15:23:48.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:27:23.090421Z","id":"CVE-2026-13034","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523699355","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13035","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.763","lastModified":"2026-06-25T15:14:12.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:24:04.061446Z","id":"CVE-2026-13035","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523704570","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13036","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.860","lastModified":"2026-06-25T15:13:56.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13036","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523711130","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13037","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:09.953","lastModified":"2026-06-25T15:13:04.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13037","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523721871","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13038","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-24T19:17:10.047","lastModified":"2026-06-25T15:12:22.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.197","lessThan":"149.0.7827.197","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-13038","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.197","matchCriteriaId":"9572BD46-C62C-45AC-9772-2DC00970D68A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/523740781","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-48793","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:10.900","lastModified":"2026-06-26T05:16:28.377","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg command-line arguments without calling EncodingUtils.NormalizePath(). On Linux, filenames can contain double-quote characters, which break the argument quoting and allow injection of arbitrary FFmpeg arguments. The vulnerability is reachable without authentication via SubtitleController.GetSubtitle, which has no [Authorize] attribute. An attacker who can place a file in a Jellyfin media library directory (shared NAS, Samba share, guest upload) can achieve arbitrary file write on the server and information disclosure. This vulnerability is fixed in 10.11.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jellyfin","product":"jellyfin","versions":[{"version":"< 10.11.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-48793","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"references":[{"url":"https://github.com/jellyfin/jellyfin/security/advisories/GHSA-wwwm-px48-fpvq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49220","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:11.240","lastModified":"2026-06-25T16:06:52.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary Javascript in the context of a logged-in Administrative user, resulting in numerous potential issues. The Client header during an AuthenticateByName can contain arbitrary HTML and Javascript, which will then be executed by the Administrative user when visiting the Access tab of the user in question from within the dashboard. This vulnerability is fixed in 10.11.9."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jellyfin","product":"jellyfin","versions":[{"version":"< 10.11.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T19:19:25.319185Z","id":"CVE-2026-49220","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/jellyfin/jellyfin/security/advisories/GHSA-fv79-gmhx-xh2v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49246","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:11.367","lastModified":"2026-06-25T20:17:12.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it unsanitized into Path.Combine(attachmentFolder, fileName) inside PathManager.GetAttachmentPath. Because .NET's Path.Combine neither normalises .. nor rejects a rooted second argument, a crafted MKV can redirect Jellyfin's MKV attachment extraction to any absolute path on disk. This triggers on any playback action of the affected video on a client which will attempt to burn in the subtitles by default.g This vulnerability is fixed in 10.11.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jellyfin","product":"jellyfin","versions":[{"version":"< 10.11.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T20:00:23.664218Z","id":"CVE-2026-49246","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/jellyfin/jellyfin/security/advisories/GHSA-f47c-m7gr-q92j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49247","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:11.480","lastModified":"2026-06-26T05:16:28.680","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a result, any authenticated non-admin user can include ../ sequences in the Client field to cause Jellyfin to write attacker-controlled content to arbitrary paths reachable by the Jellyfin service user, with a forced .log suffix. This vulnerability is fixed in 10.11.10."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jellyfin","product":"jellyfin","versions":[{"version":">= 10.9.0, < 10.11.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-49247","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/jellyfin/jellyfin/security/advisories/GHSA-jg92-mrxq-vv75","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53943","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:11.820","lastModified":"2026-06-25T16:06:52.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From  until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affected cache configurations, that response could be stored and served to subsequent visitors requesting the same page, allowing cache poisoning of request-specific preview output. When running Ghost's frontend and admin panel on the same domain this could be used to take over staff user accounts. When running these on different domains staff accounts have no exposure. This vulnerability is fixed in 6.37.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 4.0.0, < 6.37.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:40:56.579441Z","id":"CVE-2026-53943","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-524"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-62q6-4hv4-vjrw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53944","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:11.957","lastModified":"2026-06-25T16:07:28.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in 6.21.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 6.0.9, < 6.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:50:11.644766Z","id":"CVE-2026-53944","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-184"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-wvp2-4qqp-4h3r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53945","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:12.090","lastModified":"2026-06-25T16:16:39.120","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 6.0.9, < 6.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:38:04.884131Z","id":"CVE-2026-53945","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-ch52-px8q-f22j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53946","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:12.217","lastModified":"2026-06-25T20:17:15.527","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user able to create or edit posts could therefore point an image card at an attacker-chosen host and cause the Ghost server to request it on their behalf, including hosts on internal networks or cloud instance metadata endpoints that would not normally be reachable from the public internet. This vulnerability is fixed in 6.21.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 6.19.4, < 6.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:56:56.852416Z","id":"CVE-2026-53946","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-g366-23fw-ggp6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53947","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:12.337","lastModified":"2026-06-25T18:16:39.913","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is fixed in 6.21.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 5.18.0, < 6.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:09:11.479372Z","id":"CVE-2026-53947","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-chgm-3698-jm42","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53948","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:12.460","lastModified":"2026-06-25T16:07:28.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On installations that serve uploaded files from the same origin as the site, this could have been used to facilitate stored cross-site scripting against site visitors or staff. This vulnerability is fixed in 6.21.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 6.19.4, < 6.21.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:17:17.045202Z","id":"CVE-2026-53948","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-944x-pm95-3jpr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53949","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:12.580","lastModified":"2026-06-25T16:07:28.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database password hashes were fully accessible. If MySQL was used as the database the password hashes' case (uppercase / lowercase) would have been lost, which would likely have rendered a further brute force attack on the discovered hashes fruitless. This vulnerability is fixed in 6.21.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":">= 5.46.1, < 6.21.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:55:06.184455Z","id":"CVE-2026-53949","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-jx35-x7fj-vgpr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53950","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T19:17:12.713","lastModified":"2026-06-25T16:07:28.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"@tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised ActivityPub server. This vulnerability is fixed in 3.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TryGhost","product":"Ghost","versions":[{"version":"< 3.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:49:49.390982Z","id":"CVE-2026-53950","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-xpp7-93x6-v29m","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-23879","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T20:16:31.817","lastModified":"2026-06-25T20:21:19.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using extractall to extract an archive, the library restores these symbolic links, linking them to arbitrary directories on the host file system. During extraction, the program only checks the link arcname within the destination directory, but ignores the combined symlink path resolution. Attackers can exploit this vulnerability by constructing malicious archives, thereby bypassing the directory boundary restrictions implemented by the extractor. Subsequent extraction of regular files through these symbolic links can result in arbitrary file writes. This vulnerability may lead to remote code execution, privilege escalation, data corruption, or denial of service. This issue has been fixed in version 1.1.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"miurahr","product":"py7zr","versions":[{"version":"< 1.1.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:57:29.992293Z","id":"CVE-2026-23879","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/miurahr/py7zr/releases/tag/v1.1.3","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/security/advisories/GHSA-q6rc-2cgv-63h7","source":"security-advisories@github.com"},{"url":"https://github.com/miurahr/py7zr/security/advisories/GHSA-q6rc-2cgv-63h7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-27708","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T20:16:31.963","lastModified":"2026-06-25T20:17:10.507","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method accepts an order_id parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data through IDOR. An authenticated client can access any other client's custom service by guessing sequential order IDs. This can lead to a confidentiality breach — attackers can read client PII (name, email, phone, address, company details, VAT number) and service configuration data belonging to other clients. This issue has been fixed in version 0.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T20:00:55.598830Z","id":"CVE-2026-27708","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-p36w-9x66-488j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46348","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T20:16:32.100","lastModified":"2026-06-25T18:16:37.977","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was lacking an IP address range that can be used to reach local IP addresses. An attacker can use an IP address in the affected range to make Mastodon perform HTTP requests against loopback interfaces, potentially allowing access to otherwise private resources and services. This vulnerability is fixed in 4.5.10, 4.4.17, and 4.3.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mastodon","product":"mastodon","versions":[{"version":">= 4.5.0-beta.1, < 4.5.10","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:11:12.707237Z","id":"CVE-2026-46348","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/mastodon/mastodon/security/advisories/GHSA-crr4-7rm4-8gpw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46349","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T20:16:32.233","lastModified":"2026-06-25T16:32:07.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to re-arrange a valid signed JSON-LD activity from a third-party actor to have it processed differently. This vulnerability is fixed in 4.5.10, 4.4.17, and 4.3.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mastodon","product":"mastodon","versions":[{"version":">= 4.5.0-beta.1, < 4.5.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:16:40.328930Z","id":"CVE-2026-46349","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/mastodon/mastodon/security/advisories/GHSA-chgx-jx3p-rf73","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47389","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T20:16:32.653","lastModified":"2026-06-25T17:16:39.340","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.private_address? returns false for IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) corresponding to some private IPv4 addresses, depending on Ruby version, this can include loopback, RFC1918 private networks, and link-local space. An attacker who controls DNS for any domain can publish an AAAA record with such a mapped address; any outbound HTTP fetch Mastodon performs against that hostname then opens a real TCP connection to the underlying IPv4 address, including 127.0.0.1 and cloud-metadata endpoints such as 169.254.169.254. This vulnerability is fixed in 4.5.10, 4.4.17, and 4.3.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mastodon","product":"mastodon","versions":[{"version":">= 4.5.0-beta.1, < 4.5.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:40:23.069323Z","id":"CVE-2026-47389","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-184"},{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/mastodon/mastodon/security/advisories/GHSA-xx55-4rrg-8xg6","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48028","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T20:16:32.787","lastModified":"2026-06-25T16:32:07.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors to remove JSON entries from valid signed activities from a third-party actor. This vulnerability is fixed in 4.5.10, 4.4.17, and 4.3.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mastodon","product":"mastodon","versions":[{"version":">= 4.5.0-beta.1, < 4.5.10","status":"affected"},{"version":">= 4.4.0-beta.1, < 4.4.17","status":"affected"},{"version":"< 4.3.23","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:26:21.818264Z","id":"CVE-2026-48028","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-354"}]}],"references":[{"url":"https://github.com/mastodon/mastodon/security/advisories/GHSA-53m7-2wrh-q839","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55583","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T20:16:33.100","lastModified":"2026-06-25T20:18:56.650","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso lvers/agent-turn.resolver.ts. The agentTurns(agentId) query and the evaluateAgentTurn(turnId) mutation looked up rows by agentId or id only; although AgentTurnEntity has a workspaceId column, it was not included in the WHERE clause, and the class-level guards only checked that the caller was authenticated in some workspace rather than that the requested object belonged to it, with the same flaw present in agent-turn-grader.service.ts.  As a result, any authenticated user with the AI settings flag, a workspace owner by default, could target any other workspace on the same instance given the victim's agentId or turnId: agentTurns returned the victim's full  chat history including message parts such as raw chat text, tool calls, and tool outputs, while evaluateAgentTurn inserted an agentTurnEvaluation row with the victim's workspaceId and fed the victim's turn into the default LLM. The agentId and turnId are non-guessable UUIDs but are exposed  in the URL of the settings page. This issue is fixed in version 2.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"twentyhq","product":"twenty","versions":[{"version":"< 2.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T16:02:15.740177Z","id":"CVE-2026-55583","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/twentyhq/twenty/security/advisories/GHSA-v39r-w5vg-j9pp","source":"security-advisories@github.com"},{"url":"https://github.com/twentyhq/twenty/security/advisories/GHSA-v39r-w5vg-j9pp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-64719","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:52.007","lastModified":"2026-06-25T21:16:25.550","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. The issue is present in file internal/route/repo/wiki.go and internal/route/repo/view.go where the pages try to recover commit information. If errors are returned while recovering commit information, the page will return a 500 error and stop rendering, resulting in a denial of service. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T20:05:48.807800Z","id":"CVE-2025-64719","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-3qq3-668m-v9mj","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-1840","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-24T21:16:52.753","lastModified":"2026-06-25T20:16:20.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without restriction. Such unauthorized changes can disrupt normal functionality and, if performed repeatedly, may lead to a loss of communications to the device."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Hubbell","product":"Aclara Metrum Cellular Web Interface","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.1.0.105","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:13:58.959179Z","id":"CVE-2026-1840","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://aclara.my.site.com/AclaraConnect/s/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-174-07.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-07","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-25119","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:52.903","lastModified":"2026-06-25T18:16:37.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can reach the Gogs service can forge this header to impersonate any user or trigger automatic account creation, completely bypassing authentication. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:12:08.716478Z","id":"CVE-2026-25119","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/0089c4c8e5b8d99eb6e5c8727f8f40d765f1f58a","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8264","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-w6j9-vw59-27wv","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-w6j9-vw59-27wv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-31978","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.043","lastModified":"2026-06-25T23:17:02.513","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/{id}/preview/{filename}. Neither the API handlers, nor the mediafiles.py functions such as get_media_preview() check for .. sequences in the filename parameter, except for get_media_content(). This allows an authenticated user with normal (non-admin) privileges to read arbitrary files from the filesystem as the motionEye process user, such as:  /etc/passwd, /etc/shadow, motionEye config files containing password hashes and plaintext passwords, SSH keys, and other cameras' surveillance footage. This issue has been fixed in version 0.44.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"motioneye-project","product":"motioneye","versions":[{"version":"< 0.44.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:01:33.345249Z","id":"CVE-2026-31978","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/motioneye-project/motioneye/releases/tag/0.44.0","source":"security-advisories@github.com"},{"url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g9fx-5r4h-pcw3","source":"security-advisories@github.com"},{"url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g9fx-5r4h-pcw3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-32315","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.183","lastModified":"2026-06-25T18:56:54.397","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--), making it readable by any local user on the system. This file contains sensitive data including the admin password hash, which can be leveraged by other vulnerabilities to escalate privileges. Additionally, per-camera configuration files (camera-*.conf) are also created with the same 644 permissions, potentially exposing camera-specific credentials and settings. The exposed SHA1 admin password hash can be cracked offline to recover the plaintext password, used directly to forge authenticated admin API requests via the signature authentication weakness (GHSA-45h7-499j-7ww3), and chained with the OS command injection flaw (CVE-2025-60787) to escalate a local unprivileged user to the Motion daemon user (often root), enabling full system compromise. This issue has been fixed in version 0.44.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"motioneye-project","product":"motioneye","versions":[{"version":"< 0.44.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:36:16.343159Z","id":"CVE-2026-32315","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-522"},{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://github.com/motioneye-project/motioneye/releases/tag/0.44.0","source":"security-advisories@github.com"},{"url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rhgp-6wq6-9j67","source":"security-advisories@github.com"},{"url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rhgp-6wq6-9j67","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33235","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.320","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service (DoS) attack. While the backend implements a SandboxedEnvironment to prevent unauthorized attribute access (e.g., blocking __class__), it fails to limit the computational complexity or execution time of the expressions. An attacker can input computationally expensive Python/Jinja2 expressions that consume the server's CPU and memory, leading to a complete system hang or crash. In multi-tenant or self-hosted environments, this results in a complete service outage and \"noisy neighbor\" effects that require manual administrative intervention to recover. This issue has been fixed in version 0.6.52."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Significant-Gravitas","product":"AutoGPT","versions":[{"version":">= 0.1.0, < 0.6.52","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:41:46.892136Z","id":"CVE-2026-33235","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.52","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-ppw9-h7rv-gwq9","source":"security-advisories@github.com"},{"url":"https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-ppw9-h7rv-gwq9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33543","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.453","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already exists. The flawed guard check uses is_countable() on a value that returns a Model_Admin object or null rather than a countable type, causing the expression to always evaluate as true and bypass the intended protection. As a result, an attacker can reach the unprotected endpoint to create a new administrator account and immediately authenticate, gaining a fully privileged admin session even when an admin already exists. This issue has been fixed in version 0.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:22:04.810298Z","id":"CVE-2026-33543","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-28mh-j262-q49w","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45677","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.590","lastModified":"2026-06-25T14:19:40.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a target user's SAML NameID - which major identity providers (Okta, Google Workspace, Microsoft Entra ID, JumpCloud) expose as the user's email address - can craft a valid-looking unsigned LogoutRequest and submit it to the SP logout endpoint. The server processes it as legitimate, immediately destroying the victim's session. Because the attack requires no authentication and no interaction from the victim, it can be repeated in a loop against individual users or scripted across many accounts, effectively rendering the Rocket.Chat instance unusable for SAML-authenticated users. This vulnerability is fixed in 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.1","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.3","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.3","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.4","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.5","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.7","status":"affected"},{"version":"< 7.10.11","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:40:53.521845Z","id":"CVE-2026-45677","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-pw6f-q8ww-vqfq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45687","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.720","lastModified":"2026-06-26T19:16:40.537","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it directly into a MongoDB $set update via Object.assign. There is no allow-list of writable fields. An attacker can therefore rewrite any column on their own upload record, notably store and the store-specific path fields. This vulnerability is fixed in 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.1","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.3","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.3","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.4","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.5","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.7","status":"affected"},{"version":"< 7.10.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:51:10.359261Z","id":"CVE-2026-45687","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-fhc2-x8cp-c5ch","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45688","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.847","lastModified":"2026-06-26T05:16:27.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOne({_id: ...}) query without any runtime type check. TypeScript's string parameter annotation is erased at runtime, so an unauthenticated attacker can substitute a MongoDB query operator ({\"$gt\": \"\"}, {\"$ne\": null}, etc.) for what the server expects to be an opaque ticket string. The injected operator matches the first unexpired document in the credential_tokens collection, bypassing the CAS ticket check entirely. When any legitimate CAS or SAML SSO login is in flight, the attacker's next DDP login call matches the same credential-token row via the NoSQL operator and is issued a full Meteor auth token (userId + token) bound to the victim. The token is immediately usable against the complete REST and DDP surface as that user. If the victim is an administrator, this escalates to full instance compromise via Apps-Engine app install. This vulnerability is fixed in 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.1","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.3","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.3","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.4","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.5","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.7","status":"affected"},{"version":"< 7.10.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-45688","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-rr54-jf4h-6cj9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45689","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:53.970","lastModified":"2026-06-26T05:16:27.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single HTTP POST with MongoDB query operators to /oauth/token. The Rocket.Chat OAuth2 server does not validate that grant parameters are strings before forwarding them to findOne({...}) against the oauth_apps and oauth_access_tokens collections, so an attacker substitutes {\"$ne\": null} for client_id, client_secret, and refresh_token and receives a freshly minted {access_token, refresh_token} pair bound to whichever user's refresh token Mongo returned first. The resulting access token is a first-class bearer credential against the full /api/v1/* surface as that user. By iterating with $nin / $regex operators the attacker walks the entire oauth_access_tokens collection, collecting one fresh access token per user per request. If any matched token belongs to an admin, the stolen bearer gives full admin API access (including Apps-Engine app installation, i.e. server-side code execution). No account, credentials, userId, or prior interaction with the instance are required. This vulnerability is fixed in 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.1","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.3","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.3","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.4","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.5","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.7","status":"affected"},{"version":"< 7.10.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-45689","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-8p25-fm45-pjrw","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45757","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:54.097","lastModified":"2026-06-25T16:16:35.460","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat allows users deactivated through users.deactivateIdle to keep using already-issued login tokens. A user that an administrator has marked inactive for idleness can still access authenticated REST endpoints with the old token. This vulnerability is fixed in 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.2","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.4","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.4","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.5","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.6","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.8","status":"affected"},{"version":"< 7.10.12","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:32:01.600354Z","id":"CVE-2026-45757","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-6g3w-vg5p-w892","source":"security-advisories@github.com"},{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-6g3w-vg5p-w892","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46423","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:54.223","lastModified":"2026-06-26T05:16:27.867","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured IdP certificate field is empty. The verifySignatures routine performs an early return when serviceProviderOptions.cert is falsy, which is the default state of the setting. Because provider registration only gates on the SAML \"enabled\" toggle and not on the presence of a certificate, an administrator who enables SAML without pasting an IdP certificate obtains a fully wired, publicly reachable SAML login endpoint that accepts unsigned or attacker-supplied assertions. This is a default-configuration authentication-bypass class: the fail-open branch is reached with no misconfiguration beyond leaving a field at its shipped default. This vulnerability is fixed in 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.1","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.3","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.3","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.4","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.5","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.7","status":"affected"},{"version":"< 7.10.11","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-46423","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-rgg7-qvp9-wvx7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47267","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:54.347","lastModified":"2026-06-25T14:19:40.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:40:15.647335Z","id":"CVE-2026-47267","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/199cf4fd5bbe40b92f6dc8d649e241fd7a8d0018","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8263","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-c4v7-xg93-qf8g","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-c4v7-xg93-qf8g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47733","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:54.477","lastModified":"2026-06-25T16:16:35.653","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into <a href> and <img src> attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses sanitizeUrl to block javascript:, data:, and vbscript: protocols — ImageElement passes the raw URL through unchanged. An authenticated user can post a markdown image with a javascript: URL that, if clicked on an older browser, would execute arbitrary JavaScript in the viewer's session. This vulnerability is fixed in 8.5.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":"< 8.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:46:27.021719Z","id":"CVE-2026-47733","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-vvrf-fq54-q4pr","source":"security-advisories@github.com"},{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-vvrf-fq54-q4pr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49277","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:54.600","lastModified":"2026-06-26T19:16:41.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth access token, and can also mint a fresh access token from an existing refresh token. This vulnerability is fixed in 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.2","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.4","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.4","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.5","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.6","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.8","status":"affected"},{"version":"< 7.10.12","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:51:07.662991Z","id":"CVE-2026-49277","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-39hg-492f-3c4f","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49278","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:54.757","lastModified":"2026-06-26T05:16:28.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://developer.rocket.chat/apidocs/get-visitor-information-by-id-1, token is returned in the response. It looks like there's no use case for the token to be present in the response and it would be a good security practice to remove it altogether. This vulnerability is fixed in 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.0","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.2","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.4","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.4","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.5","status":"affected"},{"version":">= 8.0.0-rc.0, < 8.0.6","status":"affected"},{"version":">= 7.11.0-rc.0, < 7.13.8","status":"affected"},{"version":"< 7.10.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-49278","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-cqj7-h8cj-jmf2","source":"security-advisories@github.com"},{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-cqj7-h8cj-jmf2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50128","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:54.890","lastModified":"2026-06-25T16:32:07.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how it is defined makes Linked Data Signatures on the toot:attributionDomains property ineffective. An attacker can arbitrarily modify the attributionDomains value of a legitimately signed Update activity and bypass Mastodon’s signature verification. This vulnerability is fixed in 4.5.11 and 4.4.18."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mastodon","product":"mastodon","versions":[{"version":">= 4.5.0-beta.1, < 4.5.11","status":"affected"},{"version":">= 4.3.0, < 4.4.18","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:39:17.708860Z","id":"CVE-2026-50128","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-354"}]}],"references":[{"url":"https://github.com/mastodon/mastodon/security/advisories/GHSA-rwcw-vq68-g34p","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-pwx3-qcgw-vh7h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50129","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.020","lastModified":"2026-06-25T16:32:07.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaught Exception vulerability), due to missing exception handling in the math sanitizer. Malformed <math> nodes can result in a DoS of a whole server or targeted users services, depending on the type of action that includes the malformed nodes and the services interacting with it. This vulnerability is fixed in 4.5.11, 4.4.18, and 4.3.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mastodon","product":"mastodon","versions":[{"version":">= 4.5.0-beta.1, < 4.5.11","status":"affected"},{"version":">= 4.4.0-beta.1, < 4.4.18","status":"affected"},{"version":"< 4.3.24","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:25:34.635259Z","id":"CVE-2026-50129","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/mastodon/mastodon/security/advisories/GHSA-qrgq-9fx2-vf2r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-52795","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.143","lastModified":"2026-06-25T16:16:38.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead() (returns 404 when the user CAN read) instead of if !repoCtx.ViewerCanRead() (return 404 when the user CANNOT read). Once watching, the attacker's dashboard activity feed shows commit messages, branch names, issue titles, and PR details from the private repository. If email notifications are enabled, the attacker also receives emails containing issue and comment content."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"<= 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:53:43.721693Z","id":"CVE-2026-52795","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/d61caa3676fde060d0c03ccf815851dddc7c67e0","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-v8w7-f6gc-cqc2","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-v8w7-f6gc-cqc2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52796","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.270","lastModified":"2026-06-25T21:16:27.133","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not safe: when the configured pattern contains an opening brace { but no closing brace }, strings.Index(template, \"}\") returns -1 and the subsequent slice template[:-1] triggers a panic. Once such a pattern is set, any page in the affected repository that contains an issue index reference such as #1 becomes unavailable. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T20:10:04.777866Z","id":"CVE-2026-52796","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52797","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.403","lastModified":"2026-06-25T14:19:40.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result of the comparison to any arbitrary path. This vulnerability is fixed in 0.14.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:37:04.311359Z","id":"CVE-2026-52797","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-pm6v-2h4w-4rp2","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-pm6v-2h4w-4rp2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52798","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.533","lastModified":"2026-06-25T18:16:39.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitize_ipynb, the inserted content is re-rendered on the client side without sanitization using marked() on elements with the .nb-markdown-cell class. During this process, links containing schemes such as javascript: can be regenerated. As a result, when a victim views an attacker-crafted .ipynb file and clicks the link, arbitrary JavaScript is executed in the Gogs origin, leading to a click-based Stored XSS. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:14:47.335180Z","id":"CVE-2026-52798","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/17b168b11ca759a7550e1f4bbd68bbde14db7785","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8319","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-jq8v-rmf6-65jw","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-jq8v-rmf6-65jw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52799","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.670","lastModified":"2026-06-25T14:19:40.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository.\nIn a test environment with REQUIRE_SIGNIN_VIEW = false, we confirmed that an unauthenticated user can download attachments belonging to a private repository. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:13:20.112665Z","id":"CVE-2026-52799","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-p9f5-h3rx-j5qw","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-p9f5-h3rx-j5qw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52800","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.800","lastModified":"2026-06-26T05:16:29.577","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be added to the Owners team. As a result, the attacker gains organization owner–equivalent privileges. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-52800","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/070df61ecd14c75b0aca93090f860b87ab17ac19","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8321","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-pwx3-qcgw-vh7h","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-pwx3-qcgw-vh7h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52801","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:55.930","lastModified":"2026-06-25T14:19:40.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:24:00.075528Z","id":"CVE-2026-52801","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/11e19f28b5c82466fd1689c94344ef4313ee986c","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8225","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-wv27-2vqp-j7g5","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-wv27-2vqp-j7g5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52802","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.057","lastModified":"2026-06-25T17:16:40.063","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_to parameters can bypass validation, allowing redirection to arbitrary external sites. All redirects in Gogs that are validated via the IsSameSite function are vulnerable. The function only inspects the first two characters of the URL string. This check fails to account for directory traversal sequences followed by backslashes. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:51:51.294655Z","id":"CVE-2026-52802","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/c5da9631dc75f692f313373ae229c4d47ba6517f","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8322","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-xxhq-69mf-w8cr","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-xxhq-69mf-w8cr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52804","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.187","lastModified":"2026-06-26T05:16:29.707","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-52804","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/1fdc9cc28e159135cfa4d6b11ecd5daa0f8ce22b","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8227","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-4565-r4x7-hg8j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-52805","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.317","lastModified":"2026-06-26T05:16:29.830","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated user can submit a public URL that redirects to a blocked internal endpoint (e.g., 127.0.0.1), importing the internal repository's contents into an attacker-controlled repository. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-52805","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/b9a0093e9cd1b2b3c7f42f9feca396dc772c4f1b","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8324","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-g2f5-gjr4-qjvm","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-g2f5-gjr4-qjvm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52806","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.440","lastModified":"2026-06-26T05:16:29.933","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the \"Rebase before merging\" merge operation. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-52806","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/a9dbafbfd8e1020bacc626420238c01d75d03364","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8301","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-qf6p-p7ww-cwr9","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-qf6p-p7ww-cwr9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52807","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.570","lastModified":"2026-06-25T16:16:38.727","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, in new_form.tmpl, milestone names are rendered with Go's default auto-escaping ({{.Name}}), which converts < to &lt; etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the decoded original payload. Semantic UI 2.4.2's dropdown component has preserveHTML: true as the default setting. When a user selects a dropdown item, the internal set.text() method calls jQuery's .html() with the item's text content. This re-parses the decoded text as HTML, creating the injected element and triggering the JavaScript event handler. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page and interacts with the milestone dropdown, the payload executes in their browser via Semantic UI's preserveHTML behavior. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:37:32.952801Z","id":"CVE-2026-52807","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/573eacdc658641487f8ad883da96b29ec8e2852d","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8325","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-vcm5-gvmp-78mp","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-vcm5-gvmp-78mp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52808","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.693","lastModified":"2026-06-25T16:16:38.830","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter() rather than reqRepoAdmin(). The equivalent operations in the web UI sit behind reqRepoAdmin, which requires AccessMode >= AccessModeAdmin. A write-level collaborator (who has AccessMode == AccessModeWrite < AccessModeAdmin) can therefore call these API endpoints directly to disable the native issue tracker or wiki, inject attacker-controlled external tracker/wiki URLs that redirect all repository visitors, or trigger mirror sync — none of which they are authorized to do. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:35:29.502329Z","id":"CVE-2026-52808","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/6283462119bd8894f1599d70339b5e823f99954a","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8327","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-268j-37xf-pp52","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-268j-37xf-pp52","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52809","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.827","lastModified":"2026-06-26T05:16:30.067","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account-activation lifetime), not conf.Auth.ResetPasswordCodeLives. The token lifetime is baked into the token itself at generation time and is re-extracted from the token at verification time, making RESET_PASSWORD_CODE_LIVES irrelevant to actual enforcement. When an administrator configures a shorter reset window (e.g., 10 minutes) for compliance or security reasons, reset tokens remain exploitable for the full activation lifetime instead, while the reset email falsely advertises the shorter expiry. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-52809","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-324"},{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-5c3f-6486-3g7g","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-5c3f-6486-3g7g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52810","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:56.960","lastModified":"2026-06-25T16:16:38.927","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string (so ?service=git-upload-pack is evaluated as read access) while routing still runs git receive-pack, allowing push where only read should be allowed. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:38:54.280743Z","id":"CVE-2026-52810","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/7c9cf53aca957959bcd98b0cc987d9901b7cb184","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8331","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-wmfg-5p4h-5fw3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-wmfg-5p4h-5fw3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52811","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:57.093","lastModified":"2026-06-26T05:16:30.213","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-write access plus a multipart upload whose filename contains a literal backslash (preserved by filepath.Base on Linux, then converted to / by pathx.Clean) redirects the write through a previously-committed directory symlink. iox.CopyFile opens the destination with os.Create (no O_NOFOLLOW), so the kernel follows the parent symlink and writes attacker bytes anywhere the gogs UID can write — ~git/.ssh/authorized_keys → SSH foothold, or <repo>.git/hooks/post-receive → next-push RCE. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-52811","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"},{"lang":"en","value":"CWE-61"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/04cb8afbb01d855454e59977a1cdbf522ea1db31","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8332","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-89mr-xqfv-758m","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-89mr-xqfv-758m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52812","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:57.223","lastModified":"2026-06-26T00:16:53.583","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (<LFS-root>/<oid[0]>/<oid[1]>/<oid>) but per-repo authorization lives in the lfs_object table keyed (repo_id, oid). serveUpload skips re-uploading when the OID file already exists on disk and inserts a new (repo_id, oid) row pointing at it without verifying the request body hashes to the OID being claimed. Any user with write access to one repo can bind their repo to an OID owned by a private repo and download the original bytes via their own download endpoint. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:03:11.981996Z","id":"CVE-2026-52812","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/f35a767af74e05342bafc6fdda02c791816426f8","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8333","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-6p9m-q3jp-47h4","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-6p9m-q3jp-47h4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52813","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:57.353","lastModified":"2026-06-26T05:16:30.360","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of Git repositories, one can overwrite the other's hooks configuration to result in Remote Code Execution (RCE). This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-52813","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/f6acd467305943aae8403cbac81f0118dd1235d7","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8334","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-c39w-43gm-34h5","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-c39w-43gm-34h5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52814","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:57.497","lastModified":"2026-06-25T14:19:40.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlying net.Conn. An unauthenticated attacker can open multiple TCP connections to the SSH port and simply withhold the SSH protocol banner. This forces the server to spawn an unbounded number of goroutines that block indefinitely waiting for socket I/O. This leads to complete File Descriptor (FD) exhaustion, preventing legitimate users from accessing the Git SSH service, and ultimately destabilizing the entire Gogs process (e.g., causing internal log rotation failures). This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:24:46.830960Z","id":"CVE-2026-52814","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/7da9cda314054501e1a7938a9c4d7896f331b884","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8335","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-xp79-5mx3-jx52","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-xp79-5mx3-jx52","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52815","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:57.627","lastModified":"2026-06-25T16:16:39.027","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/org_team.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the reqToken() middleware, and the listTeams() handler performs no authentication check, exposing team IDs, names, descriptions, and permission levels to any unauthenticated caller. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:50:04.434055Z","id":"CVE-2026-52815","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-744x-3838-5r56","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-744x-3838-5r56","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52816","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T21:16:57.753","lastModified":"2026-06-25T21:16:27.447","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting (XSS). The endpoint uses bluemonday.UGCPolicy() with p.AllowURLSchemes(\"data\") which permits all data URI schemes including data:text/html, enabling attackers to inject malicious HTML/JavaScript. Additionally, the endpoint has no authentication middleware, allowing any registered user to exploit this vulnerability. This vulnerability is fixed in 0.14.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gogs","product":"gogs","versions":[{"version":"< 0.14.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T20:19:34.243018Z","id":"CVE-2026-52816","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://github.com/gogs/gogs/commit/dd1bd9837aa196b3ed3a8ee21e5727b5d7a986a3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/pull/8326","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/releases/tag/v0.14.3","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-3w28-36p9-w929","source":"security-advisories@github.com"},{"url":"https://github.com/gogs/gogs/security/advisories/GHSA-3w28-36p9-w929","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-7539","sourceIdentifier":"hp-security-alert@hp.com","published":"2026-06-24T21:16:58.350","lastModified":"2026-06-26T05:16:31.807","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability."}],"affected":[{"source":"hp-security-alert@hp.com","affectedData":[{"vendor":"HP Inc.","product":"HP Dock Accessory","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"<1.4.11.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"hp-security-alert@hp.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-7539","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"hp-security-alert@hp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-379"}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_15190804-15190818-16/hpsbhf04129","source":"hp-security-alert@hp.com"}]}},{"cve":{"id":"CVE-2025-60468","sourceIdentifier":"cve@mitre.org","published":"2026-06-24T22:16:44.910","lastModified":"2026-06-26T19:56:49.033","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task() improperly accesses freed objects during PID instance swap/delete cleanup, leading to heap use-after-free. The attack vector is: Local (AV:L): a local, authenticated user who processes a specially crafted MPEG-2 TS/MP4 file with MP4Box can trigger the bug during filter teardown (PID instance swap/delete), causing a crash. ¶¶ In GPAC s MP4Box, gf_filter_pid_inst_swap_delete_task() in filter_core/filter_pid.c may dereference objects after they have been freed when cleaning up PID instances after a swap/delete operation. Crafted inputs (e.g., malformed MPEG-2 TS) can trigger a heap use-after-free and crash; exploitation may be possible."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:30:41.136233Z","id":"CVE-2025-60468","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","versionEndExcluding":"26.02.0","matchCriteriaId":"513BC555-5B1C-4AD7-9365-6F9CABA82F35"}]}]}],"references":[{"url":"https://github.com/gpac/gpac/commit/976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/gpac/gpac/commit/aed9c94e92e8ba362ddb29c767c519478f46f195","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/gpac/gpac/issues/3290","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/39/39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://infosec.exchange/@sigdevel/116780598378458041","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/gpac/gpac/issues/3290","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-10043","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-24T22:16:46.003","lastModified":"2026-06-25T19:10:00.050","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27990."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"MosaicML","product":"Composer","defaultStatus":"unknown","versions":[{"version":"0.32.1","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:55:17.852805Z","id":"CVE-2026-10043","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mosaicml/composer/commit/6405188805a0054b4551ec49e4919c54c971d0e8","source":"zdi-disclosures@trendmicro.com"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-384/","source":"zdi-disclosures@trendmicro.com"}]}},{"cve":{"id":"CVE-2026-39893","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:46.617","lastModified":"2026-06-26T05:16:26.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the configured guest user), so the SQLi was reachable pre-auth on installs with guest viewing enabled. This issue was fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-39893","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/pull/7039","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-69gg-mjfm-jjpc","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39894","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:46.753","lastModified":"2026-06-25T20:19:35.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric values. The rrdtool_function_update() function checks metric values with is_numeric() and concatenates them into the RRDtool update command via PHP string interpolation. PHP's string cast of floats is locale-sensitive: if LC_NUMERIC uses comma as decimal separator (e.g., de_DE), a value of 1.5 becomes \"1,5\". RRDtool expects . as decimal separator, causing metric data to shift into wrong columns or be silently dropped. No setlocale() reset is present in the update path. This causes a data integrity issue, but is not remotely exploitable; it requires server locale misconfiguration. The issue has been fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":2.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:02:29.458961Z","id":"CVE-2026-39894","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-474"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/d2a698854956e9e4e53da9eab5b5719ae40e6893","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/issues/7011","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-23g4-vf2j-94w4","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39897","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:46.887","lastModified":"2026-06-25T15:04:26.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:44:40.471391Z","id":"CVE-2026-39897","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/7c544ea0b45de627f206eefe93005433c2c3864d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-2j98-xfjq-gw39","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47093","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-24T22:16:47.033","lastModified":"2026-06-24T22:16:47.033","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-50189","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:47.390","lastModified":"2026-06-26T19:50:17.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/* on the public ingress. Combined with the APPSMITH_SUPERVISOR_PASSWORD exposed via GET /api/v1/admin/env, any authenticated administrator can send arbitrary XML-RPC calls to supervisord and execute OS commands inside the Docker container via twiddler.addProgramToGroup. This vulnerability is fixed in 2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"appsmithorg","product":"appsmith","versions":[{"version":"< 2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:13:18.851407Z","id":"CVE-2026-50189","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-183"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1","matchCriteriaId":"6FE2EAB6-276F-426B-BDD2-BF6E6CCF5E60"}]}]}],"references":[{"url":"https://github.com/appsmithorg/appsmith/security/advisories/GHSA-v49v-673j-g4vj","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/appsmithorg/appsmith/security/advisories/GHSA-v49v-673j-g4vj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-50551","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:47.513","lastModified":"2026-06-25T14:16:45.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting (XSS) vulnerability in the Attribute View (database) asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:20:21.383745Z","id":"CVE-2026-50551","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53765","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:47.783","lastModified":"2026-06-26T19:16:42.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync() to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDG_RUNTIME_DIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-<uid>/daemon.pid. Because the write does not use O_NOFOLLOW, a local low-privilege user on the same POSIX host can pre-create /tmp/chrome-devtools-mcp-<victim_uid>/daemon.pid as a symlink to a file writable by the victim. When the victim later starts daemon mode, fs.writeFileSync() follows the symlink and truncates the target file to the daemon PID string. This vulnerability is fixed in  1.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ChromeDevTools","product":"chrome-devtools-mcp","versions":[{"version":">= 0.20.0, <  1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:51:05.310554Z","id":"CVE-2026-53765","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome-devtools-mcp:*:*:*:*:*:node.js:*:*","versionStartIncluding":"0.20.0","versionEndExcluding":"1.1.0","matchCriteriaId":"ECCAC380-0C97-4614-B8EF-18B0BEA5CFA5"}]}]}],"references":[{"url":"https://github.com/ChromeDevTools/chrome-devtools-mcp/security/advisories/GHSA-3pvj-jv98-qhjq","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53766","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:47.917","lastModified":"2026-06-26T19:21:00.383","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by checking whether path.resolve(filePath) textually falls under one of the configured root paths. path.resolve() does not canonicalize symbolic links. As a result, a symlink inside a configured workspace root can point to a file outside that root, pass validation, and then be followed by downstream file read/write operations. This bypass applies even when the MCP client correctly declares the roots capability with a non-empty list. It is separate from the documented legacy behavior where missing roots capability allows all paths. The practical impact is a workspace-boundary bypass. In the write direction, filePath-writing tools can overwrite out-of-root files through an in-root symlink. In the read direction, upload_file can read through the symlink and send the file to the currently selected web page. This vulnerability is fixed in 1.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ChromeDevTools","product":"chrome-devtools-mcp","versions":[{"version":">= 0.24.0, < 1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:13:11.013103Z","id":"CVE-2026-53766","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome-devtools-mcp:*:*:*:*:*:node.js:*:*","versionStartIncluding":"0.24.0","versionEndExcluding":"1.1.0","matchCriteriaId":"9BD336BF-0F30-4708-8AEA-E0B2144FFC10"}]}]}],"references":[{"url":"https://github.com/ChromeDevTools/chrome-devtools-mcp/security/advisories/GHSA-8qf9-62x2-82pp","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ChromeDevTools/chrome-devtools-mcp/security/advisories/GHSA-8qf9-62x2-82pp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54066","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:48.043","lastModified":"2026-06-25T14:22:40.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 (\"Path Traversal via Double URL Encoding\") sanitized the /export/ route but the identical root cause remains in the /assets/*path route. In publish mode (anonymous read-only HTTP endpoint, default port 6808), an unauthenticated remote attacker can read arbitrary files inside WorkspaceDir — including conf/conf.json (which contains the AccessAuthCode SHA256 hash, API token, and sync keys), temp/siyuan.db, temp/blocktree.db, and siyuan.log — by double-URL-encoding .. segments. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:33:17.088814Z","id":"CVE-2026-54066","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-23"},{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-p4m3-mgmm-c664","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-p4m3-mgmm-c664","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54067","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:48.177","lastModified":"2026-06-25T16:16:39.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag when renderSnippet() interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer runs with nodeIntegration:true, so require('child_process') is reachable from the injected handler and the XSS chains to host RCE. Snippets sync via the workspace repository, so an attacker with write access to any synced workspace plants the payload once and it fires on every device that pulls. The bug also bypasses the user's enabledCSS / enabledJS separation. A user who turned enabledJS off was making a deliberate call not to run untrusted JavaScript; the CSS path runs it anyway. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:29:14.922467Z","id":"CVE-2026-54067","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-mvjr-vv3c-w4qv","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-mvjr-vv3c-w4qv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54068","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:48.303","lastModified":"2026-06-25T14:16:46.157","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router (router.go, \"不需要鉴权\" -- no auth needed). When called with type=8 and a valid block id parameter, this endpoint invokes RenderDynamicIconContentTemplate, which executes a Go template that includes the querySQL and queryBlocks functions. These functions run arbitrary SELECT statements against the SiYuan SQLite database. An unauthenticated network-adjacent attacker who knows a valid block ID can exfiltrate all user note content, tags, asset references, and block attributes from the database. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:21:02.883883Z","id":"CVE-2026-54068","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gcm7-57gf-953c","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gcm7-57gf-953c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54069","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:48.433","lastModified":"2026-06-25T15:16:38.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empty AccessAuthCode on desktop installs, any Chrome/Chromium extension -- including a compromised legitimate extension via supply chain attack -- can make fully authenticated admin API calls to the SiYuan kernel at 127.0.0.1:6806, enabling data exfiltration, stored XSS injection, and configuration tampering. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:54:50.828436Z","id":"CVE-2026-54069","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hvr9-72v2-fff3","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hvr9-72v2-fff3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54070","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:48.583","lastModified":"2026-06-26T19:16:42.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitize(true). The lute sanitizer is an event-handler blocklist: allowAttr rejects only attribute names present in a fixed eventAttrs map copied from the w3schools legacy handler list. That map omits modern event handlers. onpointerover, onpointerdown, onauxclick, onbeforetoggle, onfocusin, onanimationstart, and ontransitionend are not in the list, so the sanitizer passes them through verbatim on any tag. The frontend assigns the rendered HTML to mdElement.innerHTML in app/src/config/bazaar.ts with no client-side DOMPurify on this path, into a normal element in the main document (no iframe, no sandbox). The kernel sends no Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options header on any response, so an inline handler runs when its event fires. The README is rendered when an Administrator opens a package in Settings → Marketplace, after the one-time marketplace trust consent. Install is not required. Result: a third-party Bazaar package author runs JavaScript in the Administrator's authenticated SiYuan origin when the Administrator views and interacts with the package listing, and gains full control of the workspace. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T18:14:37.374858Z","id":"CVE-2026-54070","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-w7cg-whh7-xp28","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54158","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:48.740","lastModified":"2026-06-26T00:16:53.823","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like </textarea><img src=x onerror=\"...\"> or \"><img src=x onerror=\"...\"> breaks out of its surrounding tag and runs arbitrary JavaScript in the renderer when the victim opens the block-attribute panel. On Electron desktop the renderer runs with nodeIntegration:true, so the XSS chains to host RCE via require('child_process'). AV files live under the workspace and ride normal sync, so an attacker with write access to any synced workspace plants the payload once and it fires on every device that opens a panel containing that row.he kernel doesn't escape on the way in either, so the malicious cell persists byte-for-byte. There's no equivalent of the html.EscapeAttrVal call that protects block IAL attributes at kernel/model/blockial.go:261. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:11:44.806060Z","id":"CVE-2026-54158","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-5xfx-xj4h-5p7r","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-5xfx-xj4h-5p7r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54759","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:48.873","lastModified":"2026-06-25T14:22:40.920","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious <iframe> in a Bazaar package README that executes arbitrary commands on the victim's machine when the package details are viewed. No package installation is required. This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:32:34.379432Z","id":"CVE-2026-54759","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-r6v5-4c66-f6pw","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-r6v5-4c66-f6pw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55454","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:49.003","lastModified":"2026-06-26T19:50:41.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by docker-compose.yml, it is reachable from the Appsmith server process itself or a SSRF vulnerability. An authenticated low-privileged user can therefore drive the SSRF to issue POST /load (or any other admin-API call) against http://0.0.0.0:2019/, fully replacing the live Caddy configuration and taking over the reverse proxy. This vulnerability is fixed in 2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"appsmithorg","product":"appsmith","versions":[{"version":"< 2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:11:31.039499Z","id":"CVE-2026-55454","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-749"},{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1","matchCriteriaId":"6FE2EAB6-276F-426B-BDD2-BF6E6CCF5E60"}]}]}],"references":[{"url":"https://github.com/appsmithorg/appsmith/security/advisories/GHSA-8jvv-gwqg-6vjc","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/appsmithorg/appsmith/security/advisories/GHSA-8jvv-gwqg-6vjc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-55455","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:49.137","lastModified":"2026-06-26T19:50:00.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API and GraphQL datasource plugins) validates hosts against an exact-match string denylist. The comprehensive address-class check (loopback, any-local, link-local, fc00::/7) exists only on a separate code path used by SMTP, not by the HTTP plugin path. As a result, an authenticated user can craft outbound requests that reach loopback-bound services inside the container. This vulnerability is fixed in 2.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"appsmithorg","product":"appsmith","versions":[{"version":"< 2.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:04:48.487796Z","id":"CVE-2026-55455","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1","matchCriteriaId":"6FE2EAB6-276F-426B-BDD2-BF6E6CCF5E60"}]}]}],"references":[{"url":"https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m23h-pvf3-2m7p","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m23h-pvf3-2m7p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-55570","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:49.260","lastModified":"2026-06-25T15:16:39.423","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape ', <, or >), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover.  This vulnerability is fixed in 3.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"siyuan-note","product":"siyuan","versions":[{"version":"< 3.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:49:21.857553Z","id":"CVE-2026-55570","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x","source":"security-advisories@github.com"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55759","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:49.527","lastModified":"2026-06-26T05:16:30.947","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted regardless of aud, exp, nbf, or nonce. An attacker who obtains a target user's Apple identity token (from server logs, an intercepted sign-in flow, or another application sharing the same Apple developer team) can replay it to authenticate as that user, with no expiration on the replay window. This vulnerability is fixed in 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.1","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.4","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.6","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.6","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.6","status":"affected"},{"version":">= 7.11.0-rc.0, < 8.0.7","status":"affected"},{"version":"< 7.10.13","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-55759","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-c75c-5hc7-j4vp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55762","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T22:16:49.667","lastModified":"2026-06-25T14:19:40.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces authentication (authRequired: true) but performs no authorization check. Any authenticated user — including a standard user role account — can call this endpoint with {\"setDeploymentAs\": \"new-workspace\"} to permanently deregister the workspace from Rocket.Chat Cloud. This wipes all cloud credentials, removes the workspace license, breaks push notifications for all users, and requires manual re-registration to recover. This vulnerability is fixed in 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":">= 8.5.0-rc.0, < 8.5.1","status":"affected"},{"version":">= 8.4.0-rc.0, < 8.4.4","status":"affected"},{"version":">= 8.3.0-rc.0, < 8.3.6","status":"affected"},{"version":">= 8.2.0-rc.0, < 8.2.6","status":"affected"},{"version":">= 8.1.0-rc.0, < 8.1.6","status":"affected"},{"version":">= 7.11.0-rc.0, < 8.0.7","status":"affected"},{"version":"< 7.10.13","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:34:23.639307Z","id":"CVE-2026-55762","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-8hhc-j325-rxqp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-9772","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-24T22:16:49.803","lastModified":"2026-06-26T20:15:18.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within FileUpload.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30116."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Unraid","product":"Unraid","defaultStatus":"unknown","versions":[{"version":"1161ec120","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-9772","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:unraid:unraid:*:*:*:*:*:*:*:*","versionEndExcluding":"7.3.0","matchCriteriaId":"9C25AE07-FC8F-4304-9639-F7C8CC974C43"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-385/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9773","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-24T22:16:49.920","lastModified":"2026-06-26T20:15:52.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within ToggleState.php. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-30134."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Unraid","product":"Unraid","defaultStatus":"unknown","versions":[{"version":"1161ec120","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:55:40.571043Z","id":"CVE-2026-9773","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:unraid:unraid:*:*:*:*:*:*:*:*","versionEndExcluding":"7.3.0","matchCriteriaId":"9C25AE07-FC8F-4304-9639-F7C8CC974C43"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-386/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-8106","sourceIdentifier":"cve@gitlab.com","published":"2026-06-24T23:16:40.277","lastModified":"2026-06-24T23:16:40.277","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-39899","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T23:16:40.367","lastModified":"2026-06-26T00:16:51.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:15:25.542953Z","id":"CVE-2026-39899","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/pull/6899","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-pr9x-34w8-4mf7","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39900","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T23:16:40.530","lastModified":"2026-06-25T15:00:28.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:28:06.581753Z","id":"CVE-2026-39900","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/891344a5c10b8687a3d2a5d26e6de20f13069e2a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-34rf-frc3-v48r","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39938","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T23:16:40.677","lastModified":"2026-06-26T05:16:26.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-39938","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/9871f0cef9af285398d558c9b3188d5977e01a04","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-rm7p-qcqm-x5m6","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39948","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T23:16:40.830","lastModified":"2026-06-26T05:16:27.033","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and lib/html_tree.php, which are reachable pre-authentication through graph_view.php on installations with guest graph viewing enabled. Because the unbalanced-quote payload bypasses the regex validation that would otherwise reject it, an unauthenticated attacker can inject arbitrary SQL to compromise the confidentiality, integrity, and availability of the database. This advisory is similar to GHSA-69gg-mjfm-jjpc. This issue has been fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-39948","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/136ae6ef0715e77bca69c0eb60781f5e17df0795","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-9jqv-4cpm-vm2c","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39955","sourceIdentifier":"security-advisories@github.com","published":"2026-06-24T23:16:40.980","lastModified":"2026-06-26T05:16:27.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-39955","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gp82-qhrg-crv7","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39951","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T00:17:47.403","lastModified":"2026-06-26T19:16:40.007","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:50:58.538014Z","id":"CVE-2026-39951","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-pf37-v86f-5xwp","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40079","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T00:17:47.570","lastModified":"2026-06-26T00:16:51.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtool_function_graph() is passed through this function and then to shell_exec($full_commandline). The risk is in __rrd_execute() where text_format values from graph templates (which may contain host variable substitutions) reach shell_exec without adequate escaping. This issue has been addressed in version 1.2.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Cacti","product":"cacti","versions":[{"version":"< 1.2.31","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:17:12.943938Z","id":"CVE-2026-40079","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.31","matchCriteriaId":"5406B2E1-D53C-45AC-8F93-CFCAEDC1B5F8"}]}]}],"references":[{"url":"https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-xq98-376r-hv9j","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7569","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:47.707","lastModified":"2026-06-26T20:16:42.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the viewclient webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28202."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.1.7","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:43:19.813508Z","id":"CVE-2026-7569","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-377/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7570","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:47.823","lastModified":"2026-06-26T02:03:53.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBUDashboard JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27809."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:08:54.245528Z","id":"CVE-2026-7570","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-368/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9780","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.187","lastModified":"2026-06-26T02:04:10.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the addclient3 webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27666."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.1.7","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:47:12.693151Z","id":"CVE-2026-9780","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-369/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9781","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.293","lastModified":"2026-06-26T02:04:23.137","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBURASDevice JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27648."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:49:50.872086Z","id":"CVE-2026-9781","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-370/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9782","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.407","lastModified":"2026-06-26T05:16:32.253","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBUDeviceDrive JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27633."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-9782","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-371/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9783","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.520","lastModified":"2026-06-26T05:16:32.393","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBURemovableMedia JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27632."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-9783","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-372/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9784","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.627","lastModified":"2026-06-26T05:16:32.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBULibraryPort JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27631."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-9784","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-373/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9785","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.737","lastModified":"2026-06-26T05:16:32.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBULibrarySlot JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27630."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-9785","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-374/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9786","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.850","lastModified":"2026-06-26T05:16:32.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBUDashboard JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27626."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-9786","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-375/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9787","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-06-25T00:17:48.963","lastModified":"2026-06-26T05:16:32.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the processing of NVBULogDaemon JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27625."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Quest","product":"NetVault Backup","defaultStatus":"unknown","versions":[{"version":"14.0.0.19","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-9787","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:netvault_backup:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0.2","matchCriteriaId":"B90F1C8A-90F9-4621-8C79-D7BF2F0434DB"}]}]}],"references":[{"url":"https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-376/","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10833","sourceIdentifier":"security@wordfence.com","published":"2026-06-25T04:17:52.507","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevteam","product":"Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:27:30.981466Z","id":"CVE-2026-10833","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/includes/Blocks/TableOfContents.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/includes/Blocks/TableOfContents.php#L425","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/src/blocks/table-of-contents/src/frontend.js#L448","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0efe8bbd-c1c9-48ed-adab-34c0ac3da8bf?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12079","sourceIdentifier":"security@wordfence.com","published":"2026-06-25T04:17:55.913","lastModified":"2026-06-26T00:16:50.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wedevs","product":"Dokan Pro","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.0.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:18:39.320152Z","id":"CVE-2026-12079","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://dokan.co/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5bf95020-ac4f-4fb2-8fb4-a9998005991c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-2508","sourceIdentifier":"security@wordfence.com","published":"2026-06-25T04:17:56.043","lastModified":"2026-06-25T13:26:11.740","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staff_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"GravityMore","product":"Gravity Bookings","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:20:09.936204Z","id":"CVE-2026-2508","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"http://gravitybooking.com/","source":"security@wordfence.com"},{"url":"https://gravitybooking.com/docs/gravity-forms-booking/changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fd090d-255b-4a67-9010-9261dd79816a?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-0934","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:50.410","lastModified":"2026-06-26T18:36:49.923","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configurations despite CI/CD visibility being disabled for the project."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"17.9","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:50:11.428883Z","id":"CVE-2026-0934","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"17.9.0","versionEndExcluding":"18.11.6","matchCriteriaId":"11AB2104-DEBE-44B9-9041-38CF73916A2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"D398AA66-56F3-4ED2-AD85-E2C094EE577E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"49957E0D-C888-4AB1-9C15-8CD6E55454B1"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/585961","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3508760","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-10086","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:50.530","lastModified":"2026-06-26T18:36:05.783","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of another user's session, due to improper sanitization of user-supplied input."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"16.4","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-10086","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"16.4.0","versionEndExcluding":"18.11.6","matchCriteriaId":"B6442921-C30A-4345-B0C2-14896044D93E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"D398AA66-56F3-4ED2-AD85-E2C094EE577E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"49957E0D-C888-4AB1-9C15-8CD6E55454B1"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/601634","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3734800","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-10712","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:50.640","lastModified":"2026-06-26T18:30:40.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"18.10","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-10712","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"18.10.0","versionEndExcluding":"18.11.6","matchCriteriaId":"C8FCB681-4849-40F5-A989-6DBDEA66FB30"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"9AF0E03E-D1A7-4C9E-B0BC-9EE4A5BE7CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49004C41-7512-49AA-A70B-AEE1A6C0718A"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/601857","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3688717","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-11379","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:50.767","lastModified":"2026-06-26T18:34:26.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"13.11","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:10:02.747596Z","id":"CVE-2026-11379","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.11.0","versionEndExcluding":"18.11.6","matchCriteriaId":"2248E1A1-D78E-4BD8-A5D3-29F93FE2A2D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"D398AA66-56F3-4ED2-AD85-E2C094EE577E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"49957E0D-C888-4AB1-9C15-8CD6E55454B1"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/517659","source":"cve@gitlab.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-12053","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:50.890","lastModified":"2026-06-26T18:33:13.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:17:13.971317Z","id":"CVE-2026-12053","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"49957E0D-C888-4AB1-9C15-8CD6E55454B1"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/602194","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3757762","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-12635","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:51.170","lastModified":"2026-06-26T18:29:37.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through mirror synchronization due to improper URL validation."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"8.3","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:23:32.053651Z","id":"CVE-2026-12635","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-350"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.0","versionEndExcluding":"18.11.6","matchCriteriaId":"7B473040-DFF5-4D47-ACBD-7E281202D370"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"9AF0E03E-D1A7-4C9E-B0BC-9EE4A5BE7CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49004C41-7512-49AA-A70B-AEE1A6C0718A"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/594321","source":"cve@gitlab.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-13311","sourceIdentifier":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","published":"2026-06-25T05:16:52.763","lastModified":"2026-06-26T19:03:34.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse() runs in O(n^2) time relative to the number of input tokens. An attacker who can supply an attacker-controlled string to any code path that calls parse() (no shell metacharacters are required; plain space-separated words suffice) can block the single-threaded Node.js event loop for an extended period with a small input, resulting in a denial of service. There is no code execution or data disclosure; impact is to availability only. Fixed in 1.8.5."}],"affected":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","affectedData":[{"vendor":"ljharb","product":"shell-quote","defaultStatus":"unaffected","collectionURL":"https://www.npmjs.com/package","packageName":"shell-quote","versions":[{"version":"0","lessThanOrEqual":"1.8.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:49:33.455269Z","id":"CVE-2026-13311","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shell-quote_project:shell-quote:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.9.0","matchCriteriaId":"857C16CB-E752-4E3D-A096-79E73102BEB8"}]}]}],"references":[{"url":"https://github.com/ljharb/shell-quote/security/advisories/GHSA-395f-4hp3-45gv","source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","tags":["Vendor Advisory"]},{"url":"https://www.npmjs.com/package/shell-quote","source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","tags":["Product"]},{"url":"https://github.com/ljharb/shell-quote/security/advisories/GHSA-395f-4hp3-45gv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1606","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:52.920","lastModified":"2026-06-26T18:40:32.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"14.8","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:51:03.290608Z","id":"CVE-2026-1606","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"14.8.0","versionEndExcluding":"18.11.6","matchCriteriaId":"C4856818-AB16-4928-8938-824CB00A7BE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"9AF0E03E-D1A7-4C9E-B0BC-9EE4A5BE7CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49004C41-7512-49AA-A70B-AEE1A6C0718A"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/588128","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3527473","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-2238","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:53.323","lastModified":"2026-06-26T18:40:02.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization checks."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"17.5","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:55:19.991027Z","id":"CVE-2026-2238","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"17.5.0","versionEndExcluding":"18.11.6","matchCriteriaId":"A6C7CC57-7148-48F4-B67D-9E9AF67C4138"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"9AF0E03E-D1A7-4C9E-B0BC-9EE4A5BE7CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49004C41-7512-49AA-A70B-AEE1A6C0718A"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/589186","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3543011","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-3176","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:53.440","lastModified":"2026-06-26T18:26:22.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization checks."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"18.6","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:58:32.824711Z","id":"CVE-2026-3176","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"18.6.0","versionEndExcluding":"18.11.6","matchCriteriaId":"17A1B3DA-A793-4A56-8A13-563B391730D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"D398AA66-56F3-4ED2-AD85-E2C094EE577E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"49957E0D-C888-4AB1-9C15-8CD6E55454B1"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/591373","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3568164","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-5309","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:55.390","lastModified":"2026-06-26T18:05:00.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without authorization."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"18.6","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:01:32.835888Z","id":"CVE-2026-5309","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"18.6.0","versionEndExcluding":"18.11.6","matchCriteriaId":"17A1B3DA-A793-4A56-8A13-563B391730D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"D398AA66-56F3-4ED2-AD85-E2C094EE577E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"49957E0D-C888-4AB1-9C15-8CD6E55454B1"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/595468","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3628793","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-5796","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:55.510","lastModified":"2026-06-26T18:39:25.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the Package Registry disabled due to incorrect authorization checks in the group packages feature."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"13.6","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:02:59.427397Z","id":"CVE-2026-5796","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"13.6.0","versionEndExcluding":"18.11.6","matchCriteriaId":"A72D2ADC-8533-47EE-8CED-7135169B6EA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"9AF0E03E-D1A7-4C9E-B0BC-9EE4A5BE7CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49004C41-7512-49AA-A70B-AEE1A6C0718A"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/596035","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3646902","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-5952","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:55.620","lastModified":"2026-06-26T18:38:49.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite protected Maven package metadata due to incorrect authorization checks."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"17.11","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:06:34.162967Z","id":"CVE-2026-5952","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"17.11.0","versionEndExcluding":"18.11.6","matchCriteriaId":"74624962-150A-450A-9F64-F6A1CAF1A223"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"9AF0E03E-D1A7-4C9E-B0BC-9EE4A5BE7CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49004C41-7512-49AA-A70B-AEE1A6C0718A"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/596134","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/3632428","source":"cve@gitlab.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-8330","sourceIdentifier":"cve@gitlab.com","published":"2026-06-25T05:16:55.733","lastModified":"2026-06-26T18:24:38.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint."}],"affected":[{"source":"cve@gitlab.com","affectedData":[{"vendor":"GitLab","product":"GitLab","defaultStatus":"unaffected","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"repo":"git://git@gitlab.com:gitlab-org/gitlab.git","versions":[{"version":"9.3","lessThan":"18.11.6","versionType":"semver","status":"affected"},{"version":"19.0","lessThan":"19.0.3","versionType":"semver","status":"affected"},{"version":"19.1","lessThan":"19.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:09:13.818558Z","id":"CVE-2026-8330","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"18.11.6","matchCriteriaId":"DFE0E06D-DEBC-48A1-B2B5-05D2A44160C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.0.3","matchCriteriaId":"9AF0E03E-D1A7-4C9E-B0BC-9EE4A5BE7CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:19.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49004C41-7512-49AA-A70B-AEE1A6C0718A"}]}]}],"references":[{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/","source":"cve@gitlab.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/599621","source":"cve@gitlab.com","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-10824","sourceIdentifier":"contact@wpscan.com","published":"2026-06-25T07:16:44.767","lastModified":"2026-06-25T14:16:35.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Masteriyo LMS  WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Masteriyo LMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:05:08.546335Z","id":"CVE-2026-10824","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/61d2f6ad-8450-40ae-862d-cafff38c27a0/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12244","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-06-25T07:16:44.900","lastModified":"2026-06-26T02:07:23.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes"}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"NSD","defaultStatus":"unaffected","versions":[{"version":"4.14.0","lessThan":"4.14.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:45:15.927329Z","id":"CVE-2026-12244","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.0","versionEndExcluding":"4.14.3","matchCriteriaId":"25173995-D8AF-4D73-BAA0-96D17AC63710"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt","source":"sep@nlnetlabs.nl","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12245","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-06-25T07:16:45.080","lastModified":"2026-06-26T02:07:41.173","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response."}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"NSD","defaultStatus":"unaffected","versions":[{"version":"4.13.0","lessThan":"4.14.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:42:22.635356Z","id":"CVE-2026-12245","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13.0","versionEndExcluding":"4.14.3","matchCriteriaId":"5CFD6DBF-22D2-4A34-8BF9-D013F53DCCA9"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt","source":"sep@nlnetlabs.nl","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12246","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-06-25T07:16:45.197","lastModified":"2026-06-26T02:07:47.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes."}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"NSD","defaultStatus":"unaffected","versions":[{"version":"4.14.0","lessThan":"4.14.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:41:56.092027Z","id":"CVE-2026-12246","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.0","versionEndExcluding":"4.14.3","matchCriteriaId":"25173995-D8AF-4D73-BAA0-96D17AC63710"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt","source":"sep@nlnetlabs.nl","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12490","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-06-25T07:16:45.330","lastModified":"2026-06-26T02:08:03.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match."}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"NSD","defaultStatus":"unaffected","versions":[{"version":"4.10.1","lessThan":"4.14.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:40:01.913311Z","id":"CVE-2026-12490","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*","versionEndExcluding":"4.14.3","matchCriteriaId":"3FD6F843-B034-430D-89EC-65AD69360ED8"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt","source":"sep@nlnetlabs.nl","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5305","sourceIdentifier":"contact@wpscan.com","published":"2026-06-25T07:16:45.737","lastModified":"2026-06-25T13:28:35.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks"}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Email Address Encoder","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.0.25","versionType":"semver","status":"affected"}]},{"vendor":"Unknown","product":"email-encoder-premium","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"0.3.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:39:09.558605Z","id":"CVE-2026-5305","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/bf59610b-98ba-4c05-b2fc-85c163e9a389/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-9702","sourceIdentifier":"contact@wpscan.com","published":"2026-06-25T07:16:45.830","lastModified":"2026-06-25T13:28:35.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or processing order on the site."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"InPost PL","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:35:19.232131Z","id":"CVE-2026-9702","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/79b27813-3d75-46a3-98d3-e6d8eb8ad467/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12937","sourceIdentifier":"security@wordfence.com","published":"2026-06-25T08:16:29.787","lastModified":"2026-06-25T17:16:38.240","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler is registered for unauthenticated users via wp_ajax_nopriv_tf_room_availability, and the required nonce is emitted on the public single-hotel page template, allowing unauthenticated attackers to freely obtain a valid nonce and reach the vulnerable code path."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themefic","product":"Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.22.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:31:25.302705Z","id":"CVE-2026-12937","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/tourfic/tags/2.22.7/inc/Classes/Helper.php#L1164","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tourfic/tags/2.22.7/inc/Classes/Hotel/Hotel.php#L305","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tourfic/tags/2.22.7/inc/Classes/Hotel/Hotel.php#L543","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3584747%40tourfic&new=3584747%40tourfic&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/12c29a44-f9e4-439a-bc3f-18a3640f7924?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-56129","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-06-25T08:16:29.960","lastModified":"2026-06-25T13:28:35.737","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"Dynabook Inc.","product":"Generic IO & Memory Access driver","versions":[{"version":"all versions","status":"affected"}]},{"vendor":"TOSHIBA CORPORATION","product":"Generic IO & Memory Access driver","versions":[{"version":"all versions","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:31:18.344196Z","id":"CVE-2026-56129","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-782"}]}],"references":[{"url":"https://corporate.jp.sharp/info/product-security/advisory-list/2026-003/","source":"vultures@jpcert.or.jp"},{"url":"https://global.sharp/corporate/info/product-security/advisory-list/2026-003/","source":"vultures@jpcert.or.jp"},{"url":"https://jvn.jp/en/vu/JVNVU91051826/","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-41566","sourceIdentifier":"security@apache.org","published":"2026-06-25T09:16:29.767","lastModified":"2026-06-25T13:27:40.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks.\n\nThis issue affects Apache Kvrocks: 2.8.0.\n\nUsers are recommended to upgrade to version 2.16.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Kvrocks","defaultStatus":"unaffected","versions":[{"version":"2.8.0","lessThanOrEqual":"2.15.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:I/V:X/RE:M/U:Amber","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"IRRECOVERABLE","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:13:37.083035Z","id":"CVE-2026-41566","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]}],"references":[{"url":"https://lists.apache.org/thread/zng5lp7psgkcv9jnm9tztdlm3rmzfydl","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/25/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-45188","sourceIdentifier":"security@apache.org","published":"2026-06-25T09:16:29.937","lastModified":"2026-06-25T13:27:40.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Relative Path Traversal vulnerability in Apache Kvrocks.\n\nThis issue affects Apache Kvrocks: from 1.0.0 through 2.15.0.\n\nUsers are recommended to upgrade to version 2.16.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Kvrocks","defaultStatus":"unaffected","collectionURL":"https://hub.docker.com","packageName":"apache/kvrocks","versions":[{"version":"1.0.0","lessThanOrEqual":"2.15.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:Clear","baseScore":2.4,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"CLEAR"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:16:29.523454Z","id":"CVE-2026-45188","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://lists.apache.org/thread/hxw1zxmpm12x6dltpyr9fpmnbz632jft","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/25/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-46751","sourceIdentifier":"security@apache.org","published":"2026-06-25T09:16:30.070","lastModified":"2026-06-25T13:27:40.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Apache Kvrocks.\n\nThis issue affects Apache Kvrocks: from 2.2.0 through 2.15.0.\n\nUsers are recommended to upgrade to version 2.16.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Kvrocks","defaultStatus":"unaffected","collectionURL":"https://hub.docker.com","packageName":"apache/kvrocks","versions":[{"version":"2.2.0","lessThanOrEqual":"2.15.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:18:53.931200Z","id":"CVE-2026-46751","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://lists.apache.org/thread/cjjk4gq1nkb7pooqc37gz0blvdkqgv5z","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/25/3","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-46752","sourceIdentifier":"security@apache.org","published":"2026-06-25T09:16:30.190","lastModified":"2026-06-25T13:27:40.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks.\n\nThis issue affects Apache Kvrocks: from 2.0.4 through 2.15.0.\n\nUsers are recommended to upgrade to version 2.16.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Kvrocks","defaultStatus":"unaffected","collectionURL":"https://hub.docker.com","packageName":"apache/kvrocks","versions":[{"version":"2.0.4","lessThanOrEqual":"2.15.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:21:16.917437Z","id":"CVE-2026-46752","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://lists.apache.org/thread/11sr3bkkhkk0q01odgw6ddsj7fzo31pt","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/25/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-54226","sourceIdentifier":"security@apache.org","published":"2026-06-25T09:16:45.987","lastModified":"2026-06-25T14:16:46.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Apache Kvrocks.\n\nThis issue affects Apache Kvrocks: from 2.6.0 through 2.15.0.\n\nUsers are recommended to upgrade to version 2.16.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Kvrocks","defaultStatus":"unaffected","collectionURL":"https://hub.docker.com","packageName":"apache/kvrocks","versions":[{"version":"2.6.0","lessThanOrEqual":"2.15.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:D/RE:L/U:Amber","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"IRRECOVERABLE","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:21:55.573755Z","id":"CVE-2026-54226","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://lists.apache.org/thread/pnglz29zh804rd3257fbh56cqgy1q65g","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/25/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-56091","sourceIdentifier":"security@apache.org","published":"2026-06-25T09:16:46.103","lastModified":"2026-06-25T13:27:40.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass.\nThis vulnerability is similar to  https://www.cve.org/CVERecord?id=CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the `shiro-guice` module instead of the `shiro-spring` module.\n\nThis issue affects all Apache Shiro versions through 2.x, and 3.0.0-alpha-1 only when using `shiro-guice` module in a web servlet context.\n\nUpgrade to version 3.0.0 or later, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Shiro","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.shiro:shiro-guice","versions":[{"version":"0","lessThanOrEqual":"2.99.99","versionType":"semver","status":"affected"},{"version":"3.0.0-alpha-0","lessThanOrEqual":"3.0.0-alpha-1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:D/RE:L/U:Amber","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"PRESENT","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:10:08.791843Z","id":"CVE-2026-56091","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-289"}]}],"references":[{"url":"https://lists.apache.org/thread/onmtxmy2qonbpx7xlw3o34x8sctv47r7","source":"security@apache.org"}]}},{"cve":{"id":"CVE-2026-56130","sourceIdentifier":"security@apache.org","published":"2026-06-25T09:16:46.230","lastModified":"2026-06-25T13:27:40.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"\"Remember me\" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed.\nThis issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only when RememberMe functionality is enabled.\n\n\nUpgrade to version 3.0.0 or later, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Shiro","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.shiro:shiro-web","versions":[{"version":"1.2.4","lessThanOrEqual":"2.99.99","versionType":"semver","status":"affected"},{"version":"3.0.0-alpha-0","lessThanOrEqual":"3.0.0-alpha-1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:D/RE:L/U:Green","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:11:59.992799Z","id":"CVE-2026-56130","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://lists.apache.org/thread/9k9b3bmlq516ylvf7cdp3dlrtdtmxbmo","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/24/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-42005","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T12:16:47.350","lastModified":"2026-06-25T16:00:30.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker can send a web request that causes unlimited memory \nallocation in the internal web server, leading to a denial of service. \nThe internal web server is disabled by default."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Authoritative","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns","modules":["YaHTTP"],"programFiles":["ext/yahttp/yahttp/reqresp.cpp"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"4.9.0","lessThan":"4.9.16","versionType":"semver","status":"affected"},{"version":"5.0.0","lessThan":"5.0.6","versionType":"semver","status":"affected"},{"version":"5.1.0","lessThan":"5.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:03:44.259390Z","id":"CVE-2026-42005","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-07.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-33612","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T13:16:38.437","lastModified":"2026-06-25T16:00:30.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Recursor","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns-recursor","modules":["Zone to cache"],"programFiles":["rec-zonetocache.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"5.2.0","lessThan":"5.2.11","versionType":"semver","status":"affected"},{"version":"5.3.0","lessThan":"5.3.8","versionType":"semver","status":"affected"},{"version":"5.4.0","lessThan":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:35:24.220350Z","id":"CVE-2026-33612","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-349"}]}],"references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-40011","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T13:16:39.323","lastModified":"2026-06-25T16:00:30.783","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"DNSdist","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"dnsdist","modules":["Prometheus export"],"programFiles":["dnsdist-web.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"1.9.0","lessThan":"1.9.15","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThan":"2.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:23:09.989984Z","id":"CVE-2026-40011","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-40208","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T13:16:39.427","lastModified":"2026-06-25T15:59:47.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"DNSdist","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"dnsdist","modules":["DNS over HTTP3"],"programFiles":["doh3.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"1.9.0","lessThan":"1.9.15","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThan":"2.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:24:51.405029Z","id":"CVE-2026-40208","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-705"}]}],"references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-40209","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T13:16:39.527","lastModified":"2026-06-25T15:59:47.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"DNSdist","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"dnsdist","modules":["DNS over TCP to the backend"],"programFiles":["dnsdist-tcp-downstream.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"1.9.0","lessThan":"1.9.15","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThan":"2.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:56:17.791790Z","id":"CVE-2026-40209","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-772"}]}],"references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-40210","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T13:16:39.620","lastModified":"2026-06-25T15:59:47.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"DNSdist","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"dnsdist","modules":["SetMacAddrAction"],"programFiles":["dnsdist-actions-factory.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"1.9.0","lessThan":"1.9.15","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThan":"2.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:49:25.851878Z","id":"CVE-2026-40210","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-126"}]}],"references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-40211","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T13:16:39.717","lastModified":"2026-06-25T15:59:47.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"DNSdist","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"dnsdist","modules":["DNS over HTTP3"],"programFiles":["dnsdist-crypto.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"1.9.0","lessThan":"1.9.15","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThan":"2.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:44:56.582604Z","id":"CVE-2026-40211","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42004","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T13:16:40.547","lastModified":"2026-06-25T15:59:47.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"DNSdist","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"dnsdist","modules":["EDNS processing"],"programFiles":["dnsdist-ecs.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"1.9.0","lessThan":"1.9.15","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThan":"2.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:44:02.980438Z","id":"CVE-2026-42004","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-115"}]}],"references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-2815","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:37.067","lastModified":"2026-06-25T15:16:34.637","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys"}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"SiSDK","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2025.12.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:03:39.954725Z","id":"CVE-2026-2815","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-339"}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release","source":"product-security@silabs.com"},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000kDYsfIAG?operationContext=S1","source":"product-security@silabs.com"}]}},{"cve":{"id":"CVE-2026-40012","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T14:16:38.840","lastModified":"2026-06-25T16:16:35.007","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;"}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Recursor","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns-recursor","modules":["EDNS Client Subnet processing"],"programFiles":["pdns_recursor.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"5.2.0","lessThan":"5.2.11","versionType":"semver","status":"affected"},{"version":"5.3.0","lessThan":"5.3.8","versionType":"semver","status":"affected"},{"version":"5.4.0","lessThan":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:40:29.990781Z","id":"CVE-2026-40012","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]}],"references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-41120","sourceIdentifier":"security_alert@emc.com","published":"2026-06-25T14:16:39.140","lastModified":"2026-06-26T19:06:22.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Wyse Management Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 5.5 HF1 or later","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-41120","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-349"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"5.5","matchCriteriaId":"2785B726-7FD1-41C8-91F9-46100C01E215"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:5.5:-:*:*:*:*:*:*","matchCriteriaId":"D51B5AAD-1426-40D2-9D2C-6825255274B3"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-in/000465356/dsa-2026-225?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42387","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T14:16:39.447","lastModified":"2026-06-25T16:16:35.133","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Recursor","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns-recursor","modules":["Zone to cache"],"programFiles":["zonemd.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"5.2.0","lessThan":"5.2.11","versionType":"semver","status":"affected"},{"version":"5.3.0","lessThan":"5.3.8","versionType":"semver","status":"affected"},{"version":"5.4.0","lessThan":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:41:19.840992Z","id":"CVE-2026-42387","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42388","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T14:16:39.557","lastModified":"2026-06-25T16:16:35.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incomplete validation of the SOA record present in a catalog zone might lead to a crash."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Recursor","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns-recursor","modules":["Catalog Zones"],"programFiles":["rec-xfr.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"5.2.0","lessThan":"5.2.11","versionType":"semver","status":"affected"},{"version":"5.3.0","lessThan":"5.3.8","versionType":"semver","status":"affected"},{"version":"5.4.0","lessThan":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:42:11.248693Z","id":"CVE-2026-42388","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42389","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T14:16:39.653","lastModified":"2026-06-25T16:16:35.360","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Recursor","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns-recursor","modules":["Web Server"],"programFiles":["pdns_recursor.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"5.4.0","lessThan":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:58:11.587235Z","id":"CVE-2026-42389","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-42390","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T14:16:39.760","lastModified":"2026-06-25T15:59:47.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Recursor","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns-recursor","modules":["ZoneMD"],"programFiles":["zonemd.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"5.4.0","lessThan":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:25:32.947074Z","id":"CVE-2026-42390","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-47145","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:40.587","lastModified":"2026-06-25T18:46:10.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:06:40.231070Z","id":"CVE-2026-47145","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47146","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:40.700","lastModified":"2026-06-25T18:46:31.157","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:07:09.566821Z","id":"CVE-2026-47146","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47147","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:40.810","lastModified":"2026-06-25T18:47:57.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:15:18.842974Z","id":"CVE-2026-47147","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47148","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:40.920","lastModified":"2026-06-25T18:48:20.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:15:40.916713Z","id":"CVE-2026-47148","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47149","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:41.027","lastModified":"2026-06-25T18:48:40.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:05:16.293075Z","id":"CVE-2026-47149","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47150","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:41.137","lastModified":"2026-06-25T18:49:11.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:16:00.494010Z","id":"CVE-2026-47150","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47151","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:41.243","lastModified":"2026-06-25T18:51:37.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:16:27.904835Z","id":"CVE-2026-47151","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47152","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:41.360","lastModified":"2026-06-25T18:38:11.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:17:39.430184Z","id":"CVE-2026-47152","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47153","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:41.500","lastModified":"2026-06-25T18:37:51.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:17:57.142989Z","id":"CVE-2026-47153","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-47154","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:41.623","lastModified":"2026-06-25T18:35:01.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:18:59.511778Z","id":"CVE-2026-47154","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-49506","sourceIdentifier":"security_alert@emc.com","published":"2026-06-25T14:16:42.113","lastModified":"2026-06-26T19:05:36.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Wyse Management Suite","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 5.5 HF1 or later","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T03:55:50.224929Z","id":"CVE-2026-49506","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"5.5","matchCriteriaId":"2785B726-7FD1-41C8-91F9-46100C01E215"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:wyse_management_suite:5.5:-:*:*:*:*:*:*","matchCriteriaId":"D51B5AAD-1426-40D2-9D2C-6825255274B3"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-in/000465356/dsa-2026-225?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-4526","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T14:16:42.313","lastModified":"2026-06-25T18:32:19.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"EmberZNet","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"9.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:04:19.829011Z","id":"CVE-2026-4526","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0.2","matchCriteriaId":"DFB7F7FE-835F-49EA-B3FF-2512A8A1E797"}]}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release/","source":"product-security@silabs.com","tags":["Not Applicable"]},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1","source":"product-security@silabs.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-52690","sourceIdentifier":"security@open-xchange.com","published":"2026-06-25T14:16:45.450","lastModified":"2026-06-25T15:59:47.100","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail."}],"affected":[{"source":"security@open-xchange.com","affectedData":[{"vendor":"PowerDNS","product":"Recursor","defaultStatus":"unaffected","collectionURL":"https://repo.powerdns.com/","packageName":"pdns-recursor","modules":["Outgoing EDNS handling"],"programFiles":["syncres.cc"],"repo":"https://github.com/PowerDNS/pdns","versions":[{"version":"5.2.0","lessThan":"5.2.11","versionType":"semver","status":"affected"},{"version":"5.3.0","lessThan":"5.3.8","versionType":"semver","status":"affected"},{"version":"5.4.0","lessThan":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:21:31.973756Z","id":"CVE-2026-52690","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html","source":"security@open-xchange.com"}]}},{"cve":{"id":"CVE-2026-54821","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:46.613","lastModified":"2026-06-26T00:16:53.927","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Bootstrapped Ventures","product":"Visual Link Preview","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"visual-link-preview","versions":[{"version":"n/a","lessThanOrEqual":"2.3.1","versionType":"custom","status":"affected","changes":[{"at":"2.4.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:20:05.342094Z","id":"CVE-2026-54821","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/visual-link-preview/vulnerability/wordpress-visual-link-preview-plugin-2-3-1-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54822","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:46.747","lastModified":"2026-06-25T16:16:39.440","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"SALESmanago","product":"SALESmanago & Leadoo","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"salesmanago","versions":[{"version":"n/a","lessThanOrEqual":"3.11.2","versionType":"custom","status":"affected","changes":[{"at":"3.11.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:55:17.640261Z","id":"CVE-2026-54822","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/salesmanago/vulnerability/wordpress-salesmanago-leadoo-plugin-3-11-2-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54823","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:46.867","lastModified":"2026-06-25T16:16:39.533","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"MarketingFire","product":"Widget Options","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"widget-options","versions":[{"version":"n/a","lessThanOrEqual":"4.2.3","versionType":"custom","status":"affected","changes":[{"at":"4.2.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:50:39.576029Z","id":"CVE-2026-54823","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-2-3-remote-code-execution-rce-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54828","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:46.990","lastModified":"2026-06-25T15:16:38.927","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Broken Access Control in Motors <= 1.4.109 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"StylemixThemes","product":"Motors","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"motors-car-dealership-classified-listings","versions":[{"version":"n/a","lessThanOrEqual":"1.4.109","versionType":"custom","status":"affected","changes":[{"at":"1.4.110","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:20:41.649718Z","id":"CVE-2026-54828","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/motors-car-dealership-classified-listings/vulnerability/wordpress-motors-plugin-1-4-109-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54829","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:47.120","lastModified":"2026-06-25T15:16:39.030","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.\n\nThis issue affects WP Photo Album Plus: from n/a through 9.1.13.005."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Jacob N. Breetvelt","product":"WP Photo Album Plus","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-photo-album-plus","versions":[{"version":"n/a","lessThanOrEqual":"9.1.13.005","versionType":"custom","status":"affected","changes":[{"at":"9.2.01.001","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:57:44.197731Z","id":"CVE-2026-54829","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-photo-album-plus/vulnerability/wordpress-wp-photo-album-plus-plugin-9-1-13-005-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54836","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:47.743","lastModified":"2026-06-26T00:16:54.023","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.\n\nThis issue affects YMC Filter: from n/a through 3.11.5."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"YMC","product":"YMC Filter","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"ymc-smart-filter","versions":[{"version":"n/a","lessThanOrEqual":"3.11.5","versionType":"custom","status":"affected","changes":[{"at":"3.11.6","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:23:41.498385Z","id":"CVE-2026-54836","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/ymc-smart-filter/vulnerability/wordpress-filter-grids-plugin-3-11-5-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54838","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:47.907","lastModified":"2026-06-25T16:16:39.627","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Rymera Web Co","product":"WC Vendors Marketplace","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wc-vendors","versions":[{"version":"n/a","lessThanOrEqual":"2.6.8","versionType":"custom","status":"affected","changes":[{"at":"2.6.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:54:31.148518Z","id":"CVE-2026-54838","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wc-vendors/vulnerability/wordpress-wc-vendors-marketplace-plugin-2-6-8-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54841","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:48.050","lastModified":"2026-06-25T16:16:39.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Appsbd","product":"Vitepos","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"vitepos-lite","versions":[{"version":"n/a","lessThanOrEqual":"3.4.2","versionType":"custom","status":"affected","changes":[{"at":"3.4.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:51:19.658908Z","id":"CVE-2026-54841","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/vitepos-lite/vulnerability/wordpress-vitepos-plugin-3-4-2-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54842","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:48.190","lastModified":"2026-06-25T15:16:39.130","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Royal MCP: from n/a through 1.4.25."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Royal Plugins","product":"Royal MCP","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"royal-mcp","versions":[{"version":"n/a","lessThanOrEqual":"1.4.25","versionType":"custom","status":"affected","changes":[{"at":"1.4.26","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:09:23.615745Z","id":"CVE-2026-54842","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/royal-mcp/vulnerability/wordpress-royal-mcp-plugin-1-4-25-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54843","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:48.383","lastModified":"2026-06-25T15:16:39.227","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in MDTF <= 1.3.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PluginUs.Net","product":"MDTF","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-meta-data-filter-and-taxonomy-filter","versions":[{"version":"n/a","lessThanOrEqual":"1.3.7","versionType":"custom","status":"affected","changes":[{"at":"1.3.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:02:34.701339Z","id":"CVE-2026-54843","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-plugin-1-3-7-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54845","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:48.853","lastModified":"2026-06-26T00:16:54.127","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"PluginUs.Net","product":"MDTF","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-meta-data-filter-and-taxonomy-filter","versions":[{"version":"n/a","lessThanOrEqual":"1.3.8","versionType":"custom","status":"affected","changes":[{"at":"1.3.9","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:20:54.957875Z","id":"CVE-2026-54845","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-plugin-1-3-8-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54848","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:49.037","lastModified":"2026-06-25T15:16:39.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.\n\nThis issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Saad Iqbal","product":"APIExperts Square for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woosquare","versions":[{"version":"n/a","lessThanOrEqual":"4.7.3","versionType":"custom","status":"affected","changes":[{"at":"4.7.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:23:55.330925Z","id":"CVE-2026-54848","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woosquare/vulnerability/wordpress-apiexperts-square-for-woocommerce-plugin-4-7-3-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-54849","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:49.183","lastModified":"2026-06-25T16:16:39.817","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Premmerce","product":"Premmerce Wishlist for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"premmerce-woocommerce-wishlist","versions":[{"version":"n/a","lessThanOrEqual":"1.1.11","versionType":"custom","status":"affected","changes":[{"at":"1.1.12","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:51:53.961454Z","id":"CVE-2026-54849","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/premmerce-woocommerce-wishlist/vulnerability/wordpress-premmerce-wishlist-for-woocommerce-plugin-1-1-11-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56005","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:49.720","lastModified":"2026-06-25T15:16:39.520","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Melapress","product":"WP Activity Log","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-security-audit-log","versions":[{"version":"n/a","lessThanOrEqual":"5.6.3.1","versionType":"custom","status":"affected","changes":[{"at":"5.6.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:19:22.265749Z","id":"CVE-2026-56005","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/wp-security-audit-log/vulnerability/wordpress-wp-activity-log-plugin-5-6-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56006","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:50.093","lastModified":"2026-06-25T15:16:39.617","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"H5P","product":"H5P","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"h5p","versions":[{"version":"n/a","lessThanOrEqual":"1.17.6","versionType":"custom","status":"affected","changes":[{"at":"1.17.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T13:58:10.000583Z","id":"CVE-2026-56006","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/h5p/vulnerability/wordpress-h5p-plugin-1-17-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56014","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:50.340","lastModified":"2026-06-26T00:16:54.383","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Averta","product":"Master Slider","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"master-slider","versions":[{"version":"n/a","lessThanOrEqual":"3.11.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:21:37.744678Z","id":"CVE-2026-56014","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/master-slider/vulnerability/wordpress-master-slider-plugin-3-11-2-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56023","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:50.490","lastModified":"2026-06-25T16:16:41.240","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Knit Pay","product":"UPI QR Code Payment Gateway for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"upi-qr-code-payment-for-woocommerce","versions":[{"version":"n/a","lessThanOrEqual":"1.6.2","versionType":"custom","status":"affected","changes":[{"at":"1.6.3","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:44:28.836369Z","id":"CVE-2026-56023","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/upi-qr-code-payment-for-woocommerce/vulnerability/wordpress-upi-qr-code-payment-gateway-for-woocommerce-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56042","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:50.637","lastModified":"2026-06-25T16:16:41.357","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Algolplus","product":"Advanced Order Export For WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woo-order-export-lite","versions":[{"version":"n/a","lessThanOrEqual":"4.0.9","versionType":"custom","status":"affected","changes":[{"at":"4.0.10","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:52:10.812898Z","id":"CVE-2026-56042","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woo-order-export-lite/vulnerability/wordpress-advanced-order-export-for-woocommerce-plugin-4-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56049","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:50.753","lastModified":"2026-06-25T15:16:39.710","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Post Snippets","product":"Post Snippets","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"post-snippets","versions":[{"version":"n/a","lessThanOrEqual":"4.0.19","versionType":"custom","status":"affected","changes":[{"at":"4.1.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:16:41.214334Z","id":"CVE-2026-56049","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/post-snippets/vulnerability/wordpress-post-snippets-plugin-4-0-19-remote-code-execution-rce-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56050","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:50.880","lastModified":"2026-06-25T15:16:39.807","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects PPOM for WooCommerce: from n/a through 33.0.18."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Themeisle","product":"PPOM for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woocommerce-product-addon","versions":[{"version":"n/a","lessThanOrEqual":"33.0.18","versionType":"custom","status":"affected","changes":[{"at":"34.0.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:02:58.936299Z","id":"CVE-2026-56050","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/woocommerce-product-addon/vulnerability/wordpress-ppom-for-woocommerce-plugin-33-0-18-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56053","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:51.160","lastModified":"2026-06-26T00:16:54.647","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"EventPrime","product":"EventPrime","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"eventprime-event-calendar-management","versions":[{"version":"n/a","lessThanOrEqual":"4.3.4.1","versionType":"custom","status":"affected","changes":[{"at":"4.3.4.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:23:05.323904Z","id":"CVE-2026-56053","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/eventprime-event-calendar-management/vulnerability/wordpress-eventprime-plugin-4-3-4-1-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56054","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:51.283","lastModified":"2026-06-25T15:16:39.897","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Ahmad","product":"JS Help Desk","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"js-support-ticket","versions":[{"version":"n/a","lessThanOrEqual":"3.1.1","versionType":"custom","status":"affected","changes":[{"at":"3.1.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:32:46.367058Z","id":"CVE-2026-56054","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-3-1-1-arbitrary-file-deletion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56071","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:51.400","lastModified":"2026-06-25T16:16:41.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"WPMU DEV","product":"Forminator","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"forminator","versions":[{"version":"n/a","lessThanOrEqual":"1.53.1","versionType":"custom","status":"affected","changes":[{"at":"1.53.2","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:52:30.804581Z","id":"CVE-2026-56071","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/forminator/vulnerability/wordpress-forminator-plugin-1-53-1-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56122","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T14:16:51.513","lastModified":"2026-06-25T19:25:34.880","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"rickknowles","product":"Winstone Servlet Container","defaultStatus":"affected","repo":"https://sourceforge.net/projects/winstone/","versions":[{"version":"0","lessThanOrEqual":"0.9.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:07:38.218994Z","id":"CVE-2026-56122","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://gist.github.com/VAMorales/ce93f10215c43b2a8344426f4dd59cd3","source":"disclosure@vulncheck.com"},{"url":"https://winstone.sourceforge.net/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/winstone-servlet-engine-path-traversal-via-http-request-paths","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-57429","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:54.820","lastModified":"2026-06-25T15:16:40.763","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Broken Access Control in Slim SEO <= 4.6.2 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"eLightUp","product":"Slim SEO","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"slim-seo","versions":[{"version":"n/a","lessThanOrEqual":"4.6.2","versionType":"custom","status":"affected","changes":[{"at":"4.7.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:15:34.020447Z","id":"CVE-2026-57429","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/slim-seo/vulnerability/wordpress-slim-seo-plugin-4-6-2-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-57619","sourceIdentifier":"audit@patchstack.com","published":"2026-06-25T14:16:55.033","lastModified":"2026-06-25T15:16:42.703","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Elementor","product":"Elementor Website Builder","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"elementor","versions":[{"version":"n/a","lessThanOrEqual":"4.1.3","versionType":"custom","status":"affected","changes":[{"at":"4.1.4","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:02:06.628476Z","id":"CVE-2026-57619","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/elementor/vulnerability/wordpress-elementor-website-builder-plugin-4-1-3-sensitive-data-exposure-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-13222","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:34.150","lastModified":"2026-06-25T16:16:33.317","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Our payment integration with Oppwa-based payment methods did not \nproperly validate payment status responses. An attacker could use a \nsuccessful payment status response from one payment and supply it to the\n system for a different payment, gaining access to multiple valid \ntickets with only one payment."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix-oppwa","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix-oppw","repo":"https://github.com/pretix/pretix-oppwa","versions":[{"version":"0","lessThan":"1.4.3","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:13:47.859125Z","id":"CVE-2026-13222","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-841"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-13223","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:34.270","lastModified":"2026-06-25T16:16:33.420","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Our payment integration with Computop-based payment methods did not \nproperly validate payment status responses. An attacker could use a \nsuccessful payment status response from one payment and supply it to the\n system for a different payment, gaining access to multiple valid \ntickets with only one payment."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix-computop","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix-computop","repo":"https://github.com/pretix/pretix-computop","versions":[{"version":"0","lessThan":"1.3.2","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:14:09.758824Z","id":"CVE-2026-13223","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-841"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-13225","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:34.380","lastModified":"2026-06-25T16:16:33.527","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Malicious HTML content could be injected into the email address of an \norder, which pretix showed without sanitization on the confirmation page\n for individual tickets in that order."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix","repo":"https://github.com/pretix/pretix","versions":[{"version":"0","lessThan":"2026.3.4","versionType":"python","status":"affected"},{"version":"2026.4.0","lessThan":"2026.4.4","versionType":"python","status":"affected"},{"version":"2026.5.0","lessThan":"2026.5.2","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:11:06.802643Z","id":"CVE-2026-13225","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-13314","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:34.513","lastModified":"2026-06-25T16:16:33.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Malicious HTML content could be injected into the content rendered by the pretix-digital plugin."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix-digital","defaultStatus":"unaffected","collectionURL":"https://marketplace.pretix.eu","packageName":"pretix-digital","versions":[{"version":"0","lessThan":"1.6.5","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:14:32.564997Z","id":"CVE-2026-13314","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-46735","sourceIdentifier":"security_alert@emc.com","published":"2026-06-25T15:16:35.797","lastModified":"2026-06-25T19:14:05.160","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"Display and Peripheral Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"Version 2.3 and later","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:52:49.071510Z","id":"CVE-2026-46735","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-hk/000475656/dsa-2026-267?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com"}]}},{"cve":{"id":"CVE-2026-49319","sourceIdentifier":"cve@asrg.io","published":"2026-06-25T15:16:37.980","lastModified":"2026-06-26T07:16:22.227","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. \n\n\n\nAn attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM)."}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Alps Electric Co., Ltd.","product":"Remote Keyless Entry System (RKES) R53R0","defaultStatus":"unknown","modules":["Rolling-code authentication / resynchronization logic"],"versions":[{"version":"R53R0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:12:12.690462Z","id":"CVE-2026-49319","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://fccid.io/CWTR53R0","source":"cve@asrg.io"},{"url":"https://www.asrg.io/security-advisories/cve-2026-49319-suzuki-swift-2024-rkes-rollback-replay","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-57234","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T15:16:40.343","lastModified":"2026-06-26T19:03:15.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potentially enabling SSRF or XXE attacks. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:05:35.927298Z","id":"CVE-2026-57234","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"},{"lang":"en","value":"CWE-184"},{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-8678-w3jw-xfc2","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57235","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T15:16:40.493","lastModified":"2026-06-26T13:32:08.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:40:58.746326Z","id":"CVE-2026-57235","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5prr-v3j2-97mh","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57236","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T15:16:40.627","lastModified":"2026-06-26T13:32:23.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to Document#encoding reads invalid memory, which can cause a segfault or leak freed bytes into a Ruby String. Affects the CRuby (libxml2) implementation only; JRuby is not affected. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:32:34.851256Z","id":"CVE-2026-57236","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5v8h-3h3q-446p","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57434","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T15:16:40.860","lastModified":"2026-06-26T13:32:33.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:47:54.468813Z","id":"CVE-2026-57434","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-9cv2-cfxc-v4v2","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57435","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T15:16:41.000","lastModified":"2026-06-26T13:32:43.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attr#value= could free the underlying native child node while the wrapper remained reachable through the document node cache. A later use of the freed child node or a Ruby GC mark could dereference an invalid pointer, causing an invalid read and a possible segfault. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:53:12.909230Z","id":"CVE-2026-57435","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"},{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-phwj-rprq-35pp","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57436","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T15:16:41.163","lastModified":"2026-06-26T16:47:15.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:26:42.649086Z","id":"CVE-2026-57436","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wjv4-x9w8-wm3h","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57437","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T15:16:41.317","lastModified":"2026-06-26T16:47:23.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application code constructs an XPathContext directly and lets the document become unreachable while continuing to use the context. The normal Document#xpath, #css, and related search methods are not affected, and it is not triggerable by malicious document input. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear","baseScore":1.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"CLEAR"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T14:59:55.399934Z","id":"CVE-2026-57437","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-p67v-3w7g-wjg7","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57532","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:41.457","lastModified":"2026-06-25T16:16:43.063","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Malicious HTML content contained in the layout specification of a PDF \nticket or badge layout was executed when the PDF editor is opened in the\n browser. This could allow one backend user to inject JavaScript into \nthe browser context of another backend user. Due to requirements of the \nPDF rendering and editing libraries used, this is one of the few pages \nin our backend that do not have a strong Content-Security-Policy that \nwould render this capability useless for most scenarios."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix","repo":"https://github.com/pretix/pretix","versions":[{"version":"0","lessThan":"2026.3.4","versionType":"python","status":"affected"},{"version":"2026.4.0","lessThan":"2026.4.4","versionType":"python","status":"affected"},{"version":"2026.5.0","lessThan":"2026.5.2","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:04:18.329787Z","id":"CVE-2026-57532","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-57533","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:41.590","lastModified":"2026-06-25T16:16:43.167","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Malicious HTML content could be injected into the page pretix shows when\n redirection to an untrusted page occurs. Since this page has a \nContent-Security-Policy, this can mainly be used for phishing purposes."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix","repo":"https://github.com/pretix/pretix","versions":[{"version":"0","lessThan":"2026.3.4","versionType":"python","status":"affected"},{"version":"2026.4.0","lessThan":"2026.4.4","versionType":"python","status":"affected"},{"version":"2026.5.0","lessThan":"2026.5.2","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:05:08.728267Z","id":"CVE-2026-57533","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-57534","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:41.717","lastModified":"2026-06-25T16:16:43.273","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Malicious HTML content could be injected into the content of a page in the pretix-pages plugin."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix-pages","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix-pages","repo":"https://github.com/pretix/pretix-pages","versions":[{"version":"0","lessThan":"1.6.4","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:12:33.269426Z","id":"CVE-2026-57534","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-57535","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:41.853","lastModified":"2026-06-25T16:16:43.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src\n attribute of these images pointed to an URL, the PDF rendering engine \nwould download the image from that place and display it, thereby leaking\n information about the rendering server and possibly creating an SSRF \nvector in the local network."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix","repo":"https://github.com/pretix/pretix","versions":[{"version":"0","lessThan":"2026.3.4","versionType":"python","status":"affected"},{"version":"2026.4.0","lessThan":"2026.4.4","versionType":"python","status":"affected"},{"version":"2026.5.0","lessThan":"2026.5.2","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:10:42.511872Z","id":"CVE-2026-57535","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-57536","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T15:16:42.177","lastModified":"2026-06-25T16:16:43.470","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Our payment integration with Mollie did not properly validate payment \nstatus responses. An attacker could use a successful payment status \nresponse from one payment and supply it to the system for a different \npayment, gaining access to multiple valid tickets with only one payment."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"pretix-mollie","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"pretix-mollie","repo":"https://github.com/pretix/pretix-mollie","versions":[{"version":"0","lessThan":"2.5.6","versionType":"python","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:13:22.598137Z","id":"CVE-2026-57536","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-841"}]}],"references":[{"url":"https://pretix.eu/about/en/blog/20260625-release-2026-5-2/","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-57587","sourceIdentifier":"vulnreport@tenable.com","published":"2026-06-25T15:16:42.397","lastModified":"2026-06-26T16:47:41.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."}],"affected":[{"source":"vulnreport@tenable.com","affectedData":[{"vendor":"tenable","product":"Nessus","defaultStatus":"unaffected","versions":[{"version":"prior to 10.12.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:34:47.945679Z","id":"CVE-2026-57587","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"BD8A70BC-303F-409C-BC62-7CE2B7243178"}]}]}],"references":[{"url":"https://www.tenable.com/security/tns-2026-17","source":"vulnreport@tenable.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57588","sourceIdentifier":"vulnreport@tenable.com","published":"2026-06-25T15:16:42.547","lastModified":"2026-06-26T16:48:57.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data."}],"affected":[{"source":"vulnreport@tenable.com","affectedData":[{"vendor":"tenable","product":"Nessus","defaultStatus":"unaffected","versions":[{"version":"prior to 10.12.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"vulnreport@tenable.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:33:30.885696Z","id":"CVE-2026-57588","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"BD8A70BC-303F-409C-BC62-7CE2B7243178"}]}]}],"references":[{"url":"https://www.tenable.com/security/tns-2026-17","source":"vulnreport@tenable.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6432","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T15:16:42.820","lastModified":"2026-06-25T20:12:00.393","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage."}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"Silicon Labs","product":"SiSDK","defaultStatus":"unaffected","packageName":"EmberZNet","repo":"https://github.com/SiliconLabs/simplicity_sdk","versions":[{"version":"0","lessThanOrEqual":"2025.12 and earlier","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:33:12.084091Z","id":"CVE-2026-6432","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-130"}]}],"references":[{"url":"https://github.com/SiliconLabsSoftware/sisdk-release","source":"product-security@silabs.com"},{"url":"https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pYDOwIAO?operationContext=S1","source":"product-security@silabs.com"}]}},{"cve":{"id":"CVE-2026-12844","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-25T16:16:33.097","lastModified":"2026-06-25T20:17:10.177","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function.\n\npairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer.\n\nAny caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"DROLSKY","product":"List::SomeUtils::XS","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"List-SomeUtils-XS","programFiles":["XS.xs"],"programRoutines":[{"name":"List::SomeUtils::XS::pairwise"}],"repo":"https://github.com/houseabsolute/List-SomeUtils-XS","versions":[{"version":"0","lessThan":"0.59","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:56:17.755649Z","id":"CVE-2026-12844","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/houseabsolute/List-SomeUtils-XS/commit/22549f78669b780d6aa338a2d2e49a3dedfffaa6.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/DROLSKY/List-SomeUtils-XS-0.59/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/25/11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-4522","sourceIdentifier":"security@hypr.com","published":"2026-06-25T16:16:37.483","lastModified":"2026-06-25T20:16:05.473","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception.\n\nThis issue affects HYPR Passwordless: before 11.1.1."}],"affected":[{"source":"security@hypr.com","affectedData":[{"vendor":"HYPR","product":"Passwordless","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThan":"11.1.1","versionType":"patch","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@hypr.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T16:03:16.387341Z","id":"CVE-2026-4522","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@hypr.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.hypr.com/trust-center/security-advisories","source":"security@hypr.com"}]}},{"cve":{"id":"CVE-2026-54036","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:39.217","lastModified":"2026-06-26T19:02:50.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false — all without requiring any TOTP or backup code verification. An attacker with a valid session token can completely take over a victim's 2FA, locking the legitimate user out of their own two-factor authentication. This vulnerability is fixed in 0.8.4-rc1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"danny-avila","product":"LibreChat","versions":[{"version":"< 0.8.4-rc1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T16:01:44.216251Z","id":"CVE-2026-54036","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*","versionEndIncluding":"0.8.3","matchCriteriaId":"77B80F25-E7C2-442E-98E3-F4462C40C74F"}]}]}],"references":[{"url":"https://github.com/danny-avila/LibreChat/security/advisories/GHSA-45fp-6q26-wfgq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/danny-avila/LibreChat/security/advisories/GHSA-45fp-6q26-wfgq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55477","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:40.033","lastModified":"2026-06-25T20:21:19.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code execution and persistent access as the user running Xray (including root when Xray is running as root). This vulnerability is fixed in 3.3.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MHSanaei","product":"3x-ui","versions":[{"version":"< 3.3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:47:40.319087Z","id":"CVE-2026-55477","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/MHSanaei/3x-ui/security/advisories/GHSA-jm48-m3rr-9hgg","source":"security-advisories@github.com"},{"url":"https://github.com/MHSanaei/3x-ui/security/advisories/GHSA-jm48-m3rr-9hgg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55693","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:40.220","lastModified":"2026-06-26T14:17:05.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (arridx[], curi[], wordcount[]). A crafted .spl/.sug file pair, loaded when the user invokes spell suggestion, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0653."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0653","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:02:19.096753Z","id":"CVE-2026-55693","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0653","matchCriteriaId":"95C43D0E-DBE9-492A-8A37-545A029FCCA8"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/a80874d9b84a01040e3d1aef2d4a59e1934dafb7","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0653","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-wgh4-64f7-q3jq","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55892","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:40.690","lastModified":"2026-06-26T19:16:44.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (prefix[], arridx[], curi[]). A crafted .spl file, loaded when the user dumps the word list, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0662."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0662","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:50:52.811086Z","id":"CVE-2026-55892","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0662","matchCriteriaId":"9A5ABC9A-9AEE-44B9-90EC-18E81C622DEE"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/8325b193bba5f01e7a7d8241f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0662","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-qm9w-fmpj-879h","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55895","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:41.077","lastModified":"2026-06-26T05:16:31.097","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!.  This vulnerability is fixed in 9.2.0663."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0663","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-55895","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0663","matchCriteriaId":"6AE8E51C-5D1B-47C7-9913-E10DB56A3042"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/55bc757a5d436e59d50fe43f7cda94b118f86cb2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0663","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-vhh8-v6wx-hjjh","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57438","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:42.130","lastModified":"2026-06-26T04:11:23.357","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in place, freeing the include node along with its children (such as <xi:fallback> and its descendants) and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the corresponding Ruby object was left pointing at freed memory. Using the object could result in invalid reads or writes to memory. This vulnerability is fixed in 1.19.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.19.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T16:23:37.751403Z","id":"CVE-2026-57438","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.19.4","matchCriteriaId":"1E436D65-41E3-459F-9D7F-3CD5BB2BFCB1"}]}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wfpw-mmfh-qq69","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57451","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:42.263","lastModified":"2026-06-26T04:11:55.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single entry; the count is never checked against the amount of data actually present. A line that declares a large count while carrying little data causes consumers to read far past the end of the line buffer. Such a line can be delivered through a crafted undo file, leading to a crash. This vulnerability is fixed in 9.2.0670."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0670","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T16:04:17.336016Z","id":"CVE-2026-57451","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0670","matchCriteriaId":"EB2DDC9A-E225-4384-926A-09507792888D"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/b2338ca90643e2f01ecb6547c1172716aaec4f79","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0670","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-f36c-2qcp-7gpw","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57452","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:42.397","lastModified":"2026-06-26T04:12:32.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05!\nmethod (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim. This vulnerability is fixed in 9.2.0671."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0671","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:47:10.061512Z","id":"CVE-2026-57452","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0671","matchCriteriaId":"CBDC7B4B-BC91-4E4D-9B87-46A114D4011D"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/c8777cec25dcfae89c42e9aff51af61f71c5745f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0671","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-c4j9-wr9j-4486","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57453","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:42.520","lastModified":"2026-06-26T17:16:34.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":">= 9.1.1784, < 9.2.0678","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T03:55:57.010270Z","id":"CVE-2026-57453","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.1784","versionEndExcluding":"9.2.0678","matchCriteriaId":"03102470-3B8F-46E8-A41E-B461930B91B1"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/b2cc9be119d51212bf0d3f2a99","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0678","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-x5fg-h5w9-9frf","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57454","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:42.647","lastModified":"2026-06-26T19:16:45.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":">= 9.2.0320, < 9.2.0679","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:50:55.810105Z","id":"CVE-2026-57454","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0320","versionEndExcluding":"9.2.0679","matchCriteriaId":"E2A8CD5E-BECF-4D4E-BD35-8DC71EFF8B82"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/b3faeecc976d3031d7c0675623516ec60c30f949","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0679","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-ww8h-47xp-hp4w","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57455","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:42.773","lastModified":"2026-06-26T04:23:21.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0698","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T23:29:19.453165Z","id":"CVE-2026-57455","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0698","matchCriteriaId":"A0CE6A10-5392-4E84-8EA8-1337EC862FCB"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/497f931f85339d175d7f69588dd249e8ccfed41b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0698","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-q8mh-6qm3-25g4","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57456","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T16:16:42.900","lastModified":"2026-06-26T05:16:31.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple quotes with no escaping, so a hostile buffer can break out of the triple-quoted literal and execute attacker-controlled Python during omni-completion. This vulnerability is fixed in 9.2.0699."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vim","product":"vim","versions":[{"version":"< 9.2.0699","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T00:00:00+00:00","id":"CVE-2026-57456","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.0699","matchCriteriaId":"77198FAE-83D6-4416-8D34-98B3C3FC4040"}]}]}],"references":[{"url":"https://github.com/vim/vim/commit/cce141c42740f122dd8486ae04e21c2a81016ba8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/vim/vim/releases/tag/v9.2.0699","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/vim/vim/security/advisories/GHSA-ppj8-wqjf-6fp3","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9650","sourceIdentifier":"cybersecurity@se.com","published":"2026-06-25T16:16:43.867","lastModified":"2026-06-25T19:10:00.050","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller","defaultStatus":"unaffected","versions":[{"version":"Version 11.06.30 and prior","status":"affected"}]},{"vendor":"Schneider Electric","product":"Saitel DP Remote Terminal Unit & Controller","defaultStatus":"unaffected","versions":[{"version":"Version 11.06.35 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:48:51.280291Z","id":"CVE-2026-9650","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf","source":"cybersecurity@se.com"}]}},{"cve":{"id":"CVE-2026-9651","sourceIdentifier":"cybersecurity@se.com","published":"2026-06-25T16:16:43.990","lastModified":"2026-06-25T19:10:00.050","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files."}],"affected":[{"source":"cybersecurity@se.com","affectedData":[{"vendor":"Schneider Electric","product":"EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller","defaultStatus":"unaffected","versions":[{"version":"Version 11.06.31 and prior","status":"affected"}]},{"vendor":"Schneider Electric","product":"Saitel DP Remote Terminal Unit & Controller","defaultStatus":"unaffected","versions":[{"version":"Version 11.06.37 and prior","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cybersecurity@se.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T15:49:29.524994Z","id":"CVE-2026-9651","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-160-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-160-02.pdf","source":"cybersecurity@se.com"}]}},{"cve":{"id":"CVE-2026-13350","sourceIdentifier":"655498c3-6ec5-4f0b-aea6-853b334d05a6","published":"2026-06-25T17:16:38.340","lastModified":"2026-06-25T20:11:34.393","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create."}],"affected":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","affectedData":[{"vendor":"pretix","product":"Venueless","defaultStatus":"unaffected","versions":[{"version":"0.0.0","lessThan":"0a35457f","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:15:06.143068Z","id":"CVE-2026-13350","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"655498c3-6ec5-4f0b-aea6-853b334d05a6","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/venueless/venueless/security/advisories/GHSA-hj6j-wpgc-qrp5","source":"655498c3-6ec5-4f0b-aea6-853b334d05a6"}]}},{"cve":{"id":"CVE-2026-45233","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T17:16:39.207","lastModified":"2026-06-25T19:25:34.880","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences directly to file_exists() and rename() functions in admin.php without canonicalization or directory boundary enforcement to cause unintended relocation of any file writable by the web server process to an attacker-specified draft location."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"danpros","product":"htmly","defaultStatus":"affected","repo":"https://github.com/danpros/htmly","versions":[{"version":"0","lessThanOrEqual":"3.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:11:08.260468Z","id":"CVE-2026-45233","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://gist.github.com/mrgr4yhat/c4df971eafa272ac8c86c15e2829b7fe","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/htmly-cms-path-traversal-via-oldfile-parameter-in-autosave","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-54027","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T17:16:40.397","lastModified":"2026-06-26T19:02:55.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"danny-avila","product":"LibreChat","versions":[{"version":"< 0.8.4-rc1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:20:33.829289Z","id":"CVE-2026-54027","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*","versionEndIncluding":"0.8.3","matchCriteriaId":"77B80F25-E7C2-442E-98E3-F4462C40C74F"}]}]}],"references":[{"url":"https://github.com/danny-avila/LibreChat/security/advisories/GHSA-c55r-p24w-hcj5","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/danny-avila/LibreChat/security/advisories/GHSA-c55r-p24w-hcj5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54448","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T17:16:41.257","lastModified":"2026-06-26T19:27:05.663","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gigabytes, causing the Trivy process to be killed by the OS OOM killer. This vulnerability is fixed in 0.71.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"aquasecurity","product":"trivy","versions":[{"version":"< 0.71.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:55:22.152737Z","id":"CVE-2026-54448","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"},{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aquasec:trivy:*:*:*:*:*:go:*:*","versionEndExcluding":"0.71.0","matchCriteriaId":"24B47F67-AC9B-462F-A704-7138E5CEE8BA"}]}]}],"references":[{"url":"https://github.com/aquasecurity/trivy/pull/10718","source":"security-advisories@github.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/aquasecurity/trivy/security/advisories/GHSA-q3fv-x8vg-qqm4","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/aquasecurity/trivy/pull/10718","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/aquasecurity/trivy/security/advisories/GHSA-q3fv-x8vg-qqm4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-54573","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T17:16:41.450","lastModified":"2026-06-26T19:16:43.747","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last segment. However, it fails to strip the URL fragment (#). Because Koa's router uses ctx.path (which strips the fragment) for routing, an attacker can append a fragment containing a permitted path (e.g., #foo/api/documents.info) to a restricted endpoint (e.g., /api/documents.create). The router will route the request to the restricted endpoint, but canAccess will evaluate the permitted path in the fragment, bypassing the API key scope restrictions and allowing privilege escalation. This vulnerability is fixed in 1.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"outline","product":"outline","versions":[{"version":"< 1.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:50:47.158963Z","id":"CVE-2026-54573","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/outline/outline/security/advisories/GHSA-5x79-rj4g-qrh8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55411","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T17:16:41.823","lastModified":"2026-06-25T19:16:42.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credential_id is supplied in the request body. Unlike every neighbouring data-source route, this handler is not protected by ValidateDataSourceGuard, does not receive the calling @User(), and the underlying CredentialsService.getValue() looks the credential up by id only, with no organization scoping. As a result, any authenticated user of any organization can decrypt the data-source secrets of any other organization by supplying that organization's credential_id — a cross-tenant confidentiality breach. This vulnerability is fixed in 3.20.1780-lts."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ToolJet","product":"ToolJet","versions":[{"version":"< 3.20.1780-lts","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:53:08.862952Z","id":"CVE-2026-55411","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/ToolJet/ToolJet/security/advisories/GHSA-x7qj-hfg8-p4cw","source":"security-advisories@github.com"},{"url":"https://github.com/ToolJet/ToolJet/security/advisories/GHSA-x7qj-hfg8-p4cw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55412","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T17:16:42.020","lastModified":"2026-06-25T19:16:42.560","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only checks the hostname string — not the resolved IP. DNS names like 169.254.169.254.nip.io resolve to the Azure IMDS link-local address and bypass the filter entirely. This allows any authenticated user (free tier) to steal Azure managed identity tokens for the AKS production cluster. This vulnerability is fixed in 3.20.178-lts."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ToolJet","product":"ToolJet","versions":[{"version":"< 3.20.178-lts","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:40:16.638101Z","id":"CVE-2026-55412","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/ToolJet/ToolJet/security/advisories/GHSA-h49f-mhmm-jx4w","source":"security-advisories@github.com"},{"url":"https://github.com/ToolJet/ToolJet/security/advisories/GHSA-h49f-mhmm-jx4w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55413","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T17:16:42.200","lastModified":"2026-06-25T19:16:42.653","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role (free tier) can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes server-side with full Node.js access (require, process). The malicious code runs whenever any user on the instance triggers a query using that plugin — achieving both RCE and supply-chain compromise of the entire ToolJet deployment. This vulnerability is fixed in 3.20.178-lts."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ToolJet","product":"ToolJet","versions":[{"version":"< 3.20.178-lts","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:01:09.665373Z","id":"CVE-2026-55413","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/ToolJet/ToolJet/security/advisories/GHSA-jgmf-cw3v-r98x","source":"security-advisories@github.com"},{"url":"https://github.com/ToolJet/ToolJet/security/advisories/GHSA-jgmf-cw3v-r98x","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55439","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T17:16:43.500","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint (GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}) in MigrationServiceImpl.download() resolves the backup filename via Path.resolve() without validating that the resolved path stays within the designated backups directory. Also, the Backup creation endpoint (POST /apis/migration.halo.run/v1alpha1/backups) does not sanitize the status fields during creation This vulnerability is fixed in 2.24.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"halo-dev","product":"halo","versions":[{"version":"< 2.24.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:41:20.038602Z","id":"CVE-2026-55439","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/halo-dev/halo/issues/10064","source":"security-advisories@github.com"},{"url":"https://github.com/halo-dev/halo/security/advisories/GHSA-h8wj-chr2-hf66","source":"security-advisories@github.com"},{"url":"https://github.com/halo-dev/halo/issues/10064","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56123","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T17:17:01.967","lastModified":"2026-06-26T16:50:16.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytes_to_read value that is implicitly converted to size_t, resulting in an unbounded heap write into the 262-byte reply buffer with attacker-controlled size and content."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"socat","product":"socat","defaultStatus":"affected","repo":"https://repo.or.cz/socat.git","versions":[{"version":"1.8.0.0","lessThan":"1.8.1.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T02:03:26.743703Z","id":"CVE-2026-56123","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dest-unreach:socat:*:*:*:*:*:*:*:*","versionStartIncluding":"1.8.0.0","versionEndExcluding":"1.8.1.2","matchCriteriaId":"0095DC85-1977-4C52-B3EF-F8963CDF0B41"}]}]}],"references":[{"url":"http://www.dest-unreach.org/socat/CHANGES","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://www.vulncheck.com/advisories/socat-heap-buffer-overflow-via-socks5-reply-parser","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-11999","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T18:16:37.613","lastModified":"2026-06-26T16:50:28.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-supplied untrusted intermediates; for those users it is critical, otherwise the library is unaffected. Native wolfSSL TLS/DTLS usage is not impacted. X509_verify_cert() returned success based only on the last verified link rather than on reaching a trust anchor: when the supplied chain is deeper than the verifier's maximum path depth (default 100), path building runs out of depth while still walking untrusted intermediates and the chain is accepted even though it never reaches a configured trust anchor, allowing acceptance of an attacker-controlled certificate. The default TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only applications doing manual or deferred verification through this API are."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.7.4","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:56:35.192208Z","id":"CVE-2026-11999","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.4","versionEndExcluding":"5.9.2","matchCriteriaId":"B1EF9B6B-1F1B-485B-8B93-BC02295532E1"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10674","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47770","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T18:16:38.080","lastModified":"2026-06-26T19:16:41.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion (uncontrolled recursion). The crash occurs in jq's recursive structural comparison code, with the recursion repeating through jvp_array_equal() and jv_equal() in src/jv.c when comparing deeply nested arrays; a nearby sort comparator path through jv_cmp() in src/jv_aux.c overflows the stack at a larger nesting depth from  the same missing recursion guard. Anyone running jq comparisons on attacker-controlled deeply nested JSON values, or embedding jq in a context  where untrusted data can reach the == comparison path, is affected. This vulnerability is fixed in 1.8.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jqlang","product":"jq","versions":[{"version":"< 1.8.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:50:44.688232Z","id":"CVE-2026-47770","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.2","matchCriteriaId":"33B35B19-67AD-450E-A887-48A290566047"}]}]}],"references":[{"url":"https://github.com/jqlang/jq/security/advisories/GHSA-3pgx-frr7-3jxp","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49839","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T18:16:38.917","lastModified":"2026-06-26T18:53:19.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jv_load_file(raw=1) reads an attacker-controlled file, it repeatedly appends file chunks to the same jv string accumulator. Once jv_string_append_buf() returns jv_invalid_with_msg(\"String too long\"), the raw-file loop does not stop. If the file contains at least one more byte, the next loop iteration appends a new chunk to an object that is already invalid. With assertions enabled this aborts in jvp_string_ptr(). With assertions disabled, the invalid object is interpreted as a string object and ASan reports heap-buffer-overflow. This vulnerability is fixed in 1.8.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jqlang","product":"jq","versions":[{"version":"< 1.8.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:55:24.168681Z","id":"CVE-2026-49839","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.2","matchCriteriaId":"33B35B19-67AD-450E-A887-48A290566047"}]}]}],"references":[{"url":"https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/jqlang/jq/security/advisories/GHSA-cfh2-vwfq-qfmm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54679","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T18:16:40.107","lastModified":"2026-06-26T18:53:32.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun.  This vulnerability is fixed in 1.8.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jqlang","product":"jq","versions":[{"version":"< 1.8.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:01:37.317964Z","id":"CVE-2026-54679","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jqlang:jq:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.2","matchCriteriaId":"33B35B19-67AD-450E-A887-48A290566047"}]}]}],"references":[{"url":"https://github.com/jqlang/jq/security/advisories/GHSA-29gj-222p-j7vx","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55961","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T18:16:41.213","lastModified":"2026-06-26T16:50:36.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"3.15.7","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:57:40.253830Z","id":"CVE-2026-55961","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15.7","versionEndExcluding":"5.9.2","matchCriteriaId":"DB9665B2-D168-40D1-AE48-038FFDAF4D0F"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10702","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55967","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T18:16:41.330","lastModified":"2026-06-26T16:50:50.000","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"4.8.0","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:57:03.803039Z","id":"CVE-2026-55967","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-323"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8.0","versionEndExcluding":"5.9.2","matchCriteriaId":"138F0A3E-A286-464E-A1A3-34ADFDFACFE4"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10709","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6091","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T18:16:41.447","lastModified":"2026-06-26T16:50:56.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.7.4","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:58:24.366839Z","id":"CVE-2026-6091","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.4","versionEndExcluding":"5.9.2","matchCriteriaId":"B1EF9B6B-1F1B-485B-8B93-BC02295532E1"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10170","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6094","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T18:16:41.567","lastModified":"2026-06-26T16:51:02.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.8.0","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:59:35.331027Z","id":"CVE-2026-6094","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"5.9.2","matchCriteriaId":"C1DA8897-F4D6-4D39-9A93-38B0E8115653"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10128","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-6291","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T18:16:41.687","lastModified":"2026-06-26T16:51:09.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to submit crafted EnvelopedData messages and observe error responses could use this as a padding oracle to incrementally recover the encrypted Content Encryption Key (CEK). The fix generates a deterministic pseudo-random fake CEK on padding failure (via HMAC-SHA256) and proceeds with decryption identically, using constant-time operations throughout, so that all failure paths produce the same error regardless of padding validity."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"3.9.10","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T17:59:02.789664Z","id":"CVE-2026-6291","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.10","versionEndExcluding":"5.9.2","matchCriteriaId":"55DC4FAD-B809-4906-AD43-A3E1CE6D3FBB"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10203","source":"facts@wolfssl.com","tags":["Issue Tracking"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12897","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T19:16:35.773","lastModified":"2026-06-25T20:16:20.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Horner Automation","product":"Cscape","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"10.2 SP3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:31:29.332436Z","id":"CVE-2026-12897","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-03","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-12921","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T19:16:36.167","lastModified":"2026-06-25T20:16:20.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"AzeoTech","product":"DAQFactory","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"21.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:30:50.110380Z","id":"CVE-2026-12921","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-02","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-46606","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:37.380","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen(). secure_popen() is explicitly designed to interpret &&, |, and > as shell operators. Because domain names are never sanitised before interpolation, any user with the ability to create or rename a KVM/QEMU virtual machine can execute arbitrary commands as the OS user running Glances — commonly root on hypervisor hosts. This vulnerability is fixed in 4.5.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nicolargo","product":"glances","versions":[{"version":"< 4.5.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:29:22.087082Z","id":"CVE-2026-46606","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.5","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-v5r2-qh84-fjx5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46607","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:37.527","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible path (~/.cache/glances/glances-version.db or $XDG_CACHE_HOME/glances/glances-version.db). No integrity check, signature verification, or format validation is performed before deserialization. An attacker with write access to that path — through any of several realistic local or container-level scenarios — can plant a malicious pickle file and achieve arbitrary code execution as the OS user running Glances the next time it starts with version checking enabled (the default). This vulnerability is fixed in 4.5.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nicolargo","product":"glances","versions":[{"version":"< 4.5.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:49:13.379353Z","id":"CVE-2026-46607","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.5","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-9837-48hr-q32j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46608","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:37.663","lastModified":"2026-06-26T19:16:40.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: * whenever cors_origins contains more than one entry. An operator who configures an explicit two-entry allowlist (e.g. two internal dashboard origins) intending to restrict browser access instead receives the unrestricted wildcard. A malicious web page served from any origin can issue a CORS simple request to /RPC2 and read the full system monitoring dataset without the victim's knowledge. This vulnerability is fixed in 4.5.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nicolargo","product":"glances","versions":[{"version":"< 4.5.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:50:40.059541Z","id":"CVE-2026-46608","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-183"},{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.5","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-87qc-fj39-wccr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46611","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:37.800","lastModified":"2026-06-26T04:17:43.260","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the full system monitoring dataset from a victim's browser. This vulnerability is fixed in 4.5.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nicolargo","product":"glances","versions":[{"version":"< 4.5.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T02:14:18.408132Z","id":"CVE-2026-46611","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-350"}]}],"references":[{"url":"https://github.com/nicolargo/glances/releases/tag/v4.5.5","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-w856-8p3r-p338","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-w856-8p3r-p338","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-4930","sourceIdentifier":"product-security@silabs.com","published":"2026-06-25T19:16:39.103","lastModified":"2026-06-25T20:17:13.670","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing).\n\n\nDPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device.\n\n  *  Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended"}],"affected":[{"source":"product-security@silabs.com","affectedData":[{"vendor":"silabs.com","product":"Simplicity SDK","defaultStatus":"unaffected","packageName":"SiSDK","versions":[{"version":"0","lessThanOrEqual":"*.*","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"product-security@silabs.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:03:07.263017Z","id":"CVE-2026-4930","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"product-security@silabs.com","type":"Secondary","description":[{"lang":"en","value":"CWE-331"}]}],"references":[{"url":"https://community.silabs.com/068Vm00000sjHs3","source":"product-security@silabs.com"}]}},{"cve":{"id":"CVE-2026-50548","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:39.660","lastModified":"2026-06-26T16:51:25.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which could cause the sandbox to include writable paths outside the intended workspace. A malicious agent could set working_directory to a sensitive location and write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cursor","product":"cursor","versions":[{"version":"< 3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:02:45.745968Z","id":"CVE-2026-50548","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"157F84FF-1732-49FF-BFB0-1A65EB76DAD2"}]}]}],"references":[{"url":"https://github.com/cursor/cursor/security/advisories/GHSA-3p48-7v9f-v5cw","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50549","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:39.793","lastModified":"2026-06-26T16:51:39.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path and writes without approval. A malicious agent can create an in-workspace symlink that points outside the workspace and force canonicalization to fail — either because the target does not exist or because read permission is removed from the path — so the agent writes through the symlink to an arbitrary location without approval. A malicious agent could write arbitrary files outside the workspace under the user's privileges. This enables non-sandboxed Remote Code Execution — for example by overwriting the cursorsandbox helper so later commands run unsandboxed — with no user interaction beyond a benign prompt. This vulnerability is fixed in 3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cursor","product":"cursor","versions":[{"version":"< 3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T19:02:16.377893Z","id":"CVE-2026-50549","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0","matchCriteriaId":"157F84FF-1732-49FF-BFB0-1A65EB76DAD2"}]}]}],"references":[{"url":"https://github.com/cursor/cursor/security/advisories/GHSA-3v8f-48vw-3mjx","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53925","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:40.017","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets > (file redirection), | (pipe), and && (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via >), chain arbitrary commands (via &&), or pipe command output to arbitrary programs (via |). This vulnerability is fixed in 4.5.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nicolargo","product":"glances","versions":[{"version":">= 4.0.8, < 4.5.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:25:09.523064Z","id":"CVE-2026-53925","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7","source":"security-advisories@github.com"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-3vwc-qwhc-3mj7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54088","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:40.687","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Browser allows administrators to delegate login verification to an external shell command. User-supplied credentials (username and password) are interpolated into this command string using os.Expand without sanitization. An unauthenticated remote attacker can inject shell metacharacters in the username or password field at the login screen, causing the server to execute arbitrary OS commands before any authentication takes place. This is a critical pre-authentication RCE. This vulnerability is fixed in 2.63.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:36:26.982012Z","id":"CVE-2026-54088","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-88"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-m93h-4hw7-5qcm","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-m93h-4hw7-5qcm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54089","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:40.827","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication (auth.method=proxy), any unauthenticated attacker who can reach the server directly can impersonate any user - including admin - by sending a single forged HTTP header. No credentials are required. Additionally, specifying a non-existent username causes the server to automatically create a new user account, providing an account creation primitive with no authorization. This is an already known issue that has been documented in the documentation for several years, but has not been documented as a vulnerability before."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":">= 2.0.0-rc.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:33:12.379285Z","id":"CVE-2026-54089","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/blob/main/auth/proxy.go","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/blob/main/http/auth.go#L121-L137","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54090","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:40.980","lastModified":"2026-06-26T16:16:32.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell — semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.33.8","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:28:16.070106Z","id":"CVE-2026-54090","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-184"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/issues/5199","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-8c9q-7855-wfxq","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-8c9q-7855-wfxq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54091","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:41.103","lastModified":"2026-06-26T19:16:42.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope. As a result, an attacker who knows a public directory share URL can access files and subdirectories that the owner explicitly blocked with rules, as long as those blocked paths are located underneath the shared directory. In the simplest case this is an unauthenticated information disclosure through `GET /api/public/share/*` and `GET /api/public/dl/*`. This vulnerability is fixed in 2.63.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T18:37:57.265985Z","id":"CVE-2026-54091","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/commit/e07c59df0b850f5924d5b1683e8609661ddcf534","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/releases/tag/v2.63.6","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-j9jx-hp4c-ghhh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54092","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:41.230","lastModified":"2026-06-26T04:17:46.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the container was destroyed. This vulnerability is fixed in 2.63.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T02:13:14.403029Z","id":"CVE-2026-54092","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/commit/847d08bdd135e5c3659f2e6dea2f0cd36617af9b","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/releases/tag/v2.63.6","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-w5fm-68j4-fpc4","source":"security-advisories@github.com"},{"url":"https://vincent.vulcoord.net/score/?state=Not+Scored&year=2026&year=2025&assigned_to=a165dae3-480e-4f7d-bbb8-9b1d78115b69&cve=CVE-2026-54092&analyze=1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54093","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:41.360","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes (\\ is only a path separator on Windows). A file whose name contains Windows-style traversal is accepted by the resource handlers, stored on the Linux filesystem with a literal backslash name, and then emitted verbatim as the archive entry name. Windows extractors interpret \\ as a path separator and write the extracted file outside the extraction directory — arbitrary file write on the victim who downloads and extracts the archive. This vulnerability is fixed in 2.63.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:24:21.078101Z","id":"CVE-2026-54093","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-gxjx-7m74-hcq8","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-gxjx-7m74-hcq8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54094","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:41.490","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a scoped user — and in some cases an unauthenticated public-share recipient — can cross the intended scope boundary by following a symlink whose path is lexically inside their scope but whose target is outside it. This vulnerability is fixed in 2.63.14."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.14","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:41:21.135107Z","id":"CVE-2026-54094","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-239w-m3h6-ch8v","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-239w-m3h6-ch8v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54096","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:41.620","lastModified":"2026-06-25T19:58:30.847","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, `POST /api/share/<path>` accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target file currently exists. Later, when a file is created at that same path, the previously created public share immediately becomes valid and exposes the new file through `GET /api/public/dl/<hash>`. This vulnerability is fixed in 2.63.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:35:05.259611Z","id":"CVE-2026-54096","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-3q2p-72cj-682c","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-3q2p-72cj-682c","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54097","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:41.753","lastModified":"2026-06-26T14:17:05.303","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser (with create + delete permissions in their own isolated scope) can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose logical path happens to be a byte-prefix of another user's stored share.Link.Path. The file contents of the victim are not exposed, but the victim's share links are irrevocably wiped. This vulnerability is fixed in 2.63.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:53:56.115457Z","id":"CVE-2026-54097","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/commit/0231b7ebdfbe77a6c54027d30c4856c3fd81ee4d","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/releases/tag/v2.63.6","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5ww9-jg6q-38r7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54250","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:41.983","lastModified":"2026-06-26T19:16:42.960","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to arbitrary locations on the filesystem when an administrator restores the archive as a compressed etcd snapshot. This vulnerability is fixed in 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"k3s-io","product":"k3s","versions":[{"version":">= 1.35.0-rc1+k3s1, < 1.35.3+k3s1","status":"affected"},{"version":">= 1.34.0-rc1+k3s1, < 1.34.6+k3s1","status":"affected"},{"version":"< 1.33.10+k3s1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T17:50:42.464225Z","id":"CVE-2026-54250","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/k3s-io/k3s/security/advisories/GHSA-jxr7-mqhw-9p98","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55667","sourceIdentifier":"security-advisories@github.com","published":"2026-06-25T19:16:43.017","lastModified":"2026-06-26T04:17:46.617","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope (other tenants' data, and the application's own database) via the upload failure-cleanup path. ScopedFs.RemoveAll is the one dereferencing operation that skips the symlink guard every other method enforces. The direct-upload handler runs RemoveAll on the user-controlled path during failed-upload cleanup, gated only by Perm.Create. If an escaping directory symlink already exists inside the user's scope, an authenticated create-only user can delete an out-of-scope target, bypassing both the ScopedFs boundary and the Perm.Delete gate. This vulnerability is fixed in 2.63.16."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.16","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T02:12:24.149089Z","id":"CVE-2026-55667","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-fmm7-x4gx-8jhr","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-fmm7-x4gx-8jhr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56766","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:43.577","lastModified":"2026-06-25T19:50:55.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling remote code execution on systems without stack protection."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"vanhauser-thc","product":"thc-hydra","defaultStatus":"unaffected","repo":"https://github.com/vanhauser-thc/thc-hydra","versions":[{"version":"0","lessThanOrEqual":"9.7","versionType":"custom","status":"affected"},{"version":"9cc84c20e75f5fef6bb1790bb9ada2afad2204e2","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:33:07.811052Z","id":"CVE-2026-56766","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/vanhauser-thc/thc-hydra/commit/9cc84c20e75f5fef6bb1790bb9ada2afad2204e2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/hydra-stack-buffer-overflow-in-ntlm-authentication-handler","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56767","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:43.713","lastModified":"2026-06-25T21:16:27.690","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute other users' robots by bypassing ownership checks in API endpoints."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getmaxun","product":"maxun","defaultStatus":"unaffected","repo":"https://github.com/getmaxun/maxun","versions":[{"version":"0","lessThan":"0.0.42","versionType":"semver","status":"affected"},{"version":"0.0.42","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T20:27:10.895773Z","id":"CVE-2026-56767","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/getmaxun/maxun/commit/11db0257531f1c23dec94727793c9444ee2873cf","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getmaxun/maxun/issues/1079","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getmaxun/maxun/pull/1088","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/maxun-cross-tenant-idor-in-storage-and-webhook-api-handlers","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56769","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:43.973","lastModified":"2026-06-25T19:50:55.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal services, exfiltrate responses, and replay credentials against backend systems."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"hcengineering","product":"platform","defaultStatus":"unaffected","repo":"https://github.com/hcengineering/platform","versions":[{"version":"0","lessThanOrEqual":"0.7.423","versionType":"semver","status":"affected"},{"version":"68cbf8a88642d8313f151a274fb5c24dee6a2762","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:29:05.184153Z","id":"CVE-2026-56769","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/hcengineering/platform/commit/68cbf8a88642d8313f151a274fb5c24dee6a2762","source":"disclosure@vulncheck.com"},{"url":"https://github.com/hcengineering/platform/issues/10892","source":"disclosure@vulncheck.com"},{"url":"https://github.com/hcengineering/platform/pull/10910","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/huly-platform-server-side-request-forgery-via-import-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56770","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:44.113","lastModified":"2026-06-25T19:48:51.933","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"schwehr","product":"libais","defaultStatus":"unaffected","repo":"https://github.com/schwehr/libais","packageURL":"pkg:pypi/libais","versions":[{"version":"0","lessThanOrEqual":"0.15","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:28:27.282996Z","id":"CVE-2026-56770","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"references":[{"url":"https://github.com/schwehr/libais/issues/263","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/libais-out-of-bounds-vector-access-in-vdmstream-addline-via-invalid-sequential-message-id","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56771","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:44.253","lastModified":"2026-06-26T04:17:47.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and cloud metadata endpoints, enabling internal network scanning and sensitive data exfiltration."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"samuelclay","product":"NewsBlur","defaultStatus":"unaffected","repo":"https://github.com/samuelclay/NewsBlur","versions":[{"version":"0","lessThan":"14.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T02:16:13.660355Z","id":"CVE-2026-56771","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/samuelclay/NewsBlur/commit/2e6c6812c94f35a731bda864de5aef39f18307f1","source":"disclosure@vulncheck.com"},{"url":"https://github.com/samuelclay/NewsBlur/commit/af742daeca7cc6c8b0d58cbea381e7bc44daa520","source":"disclosure@vulncheck.com"},{"url":"https://github.com/samuelclay/NewsBlur/releases/tag/Android_14.5.0","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/newsblur-server-side-request-forgery-via-add-url-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56772","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:44.473","lastModified":"2026-06-25T19:50:55.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary user_id values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate user_id values to access another user's follows, replies, and social activity without authorization."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"samuelclay","product":"NewsBlur","defaultStatus":"unaffected","repo":"https://github.com/samuelclay/NewsBlur","versions":[{"version":"0","lessThan":"14.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:29:27.951291Z","id":"CVE-2026-56772","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/samuelclay/NewsBlur/commit/613c60b67cc46b3f4cae1dc2dfd8d717a39bc483","source":"disclosure@vulncheck.com"},{"url":"https://github.com/samuelclay/NewsBlur/releases/tag/Android_14.5.0","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/newsblur-insecure-direct-object-reference-in-social-interactions-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56774","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:44.630","lastModified":"2026-06-25T22:17:02.390","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session IDs and mass-invalidate persistent login sessions of any user, including administrators, forcing re-authentication and causing denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"kanboard","product":"kanboard","defaultStatus":"unaffected","repo":"https://github.com/kanboard/kanboard","versions":[{"version":"0","lessThanOrEqual":"1.2.52","versionType":"semver","status":"affected"},{"version":"928c68aa2b7c00092dd71084d329b912e229f3d1","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T20:28:52.191725Z","id":"CVE-2026-56774","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/kanboard/kanboard/commit/928c68aa2b7c00092dd71084d329b912e229f3d1","source":"disclosure@vulncheck.com"},{"url":"https://github.com/kanboard/kanboard/issues/5829","source":"disclosure@vulncheck.com"},{"url":"https://github.com/kanboard/kanboard/pull/5831","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/kanboard-cross-user-deletion-of-persistent-login-sessions-via-unvalidated-session-id","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56786","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:44.997","lastModified":"2026-06-26T16:52:59.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tomojitakasu","product":"RTKLIB","defaultStatus":"unaffected","repo":"https://github.com/tomojitakasu/RTKLIB","versions":[{"version":"0","lessThanOrEqual":"2.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:41:31.254908Z","id":"CVE-2026-56786","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rtklib:rtklib:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.3","matchCriteriaId":"C6DA91F0-A012-4CAC-8BA9-76C773EFB4E1"}]}]}],"references":[{"url":"https://github.com/tomojitakasu/RTKLIB/issues/799","source":"disclosure@vulncheck.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/rtklib-out-of-bounds-write-in-decode-type1033-via-crafted-rtcm3-message","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56787","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:45.177","lastModified":"2026-06-26T16:53:13.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tomojitakasu","product":"RTKLIB","defaultStatus":"unaffected","repo":"https://github.com/tomojitakasu/RTKLIB","versions":[{"version":"0","lessThanOrEqual":"2.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:27:10.611620Z","id":"CVE-2026-56787","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rtklib:rtklib:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.3","matchCriteriaId":"C6DA91F0-A012-4CAC-8BA9-76C773EFB4E1"}]}]}],"references":[{"url":"https://github.com/tomojitakasu/RTKLIB/issues/798","source":"disclosure@vulncheck.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/rtklib-off-by-one-out-of-bounds-read-in-decode-ssr3-via-rtcm3-ssr-message","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56788","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:45.330","lastModified":"2026-06-27T04:17:52.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tomojitakasu","product":"RTKLIB","defaultStatus":"unaffected","repo":"https://github.com/tomojitakasu/RTKLIB","versions":[{"version":"0","lessThanOrEqual":"2.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-27T02:19:43.997310Z","id":"CVE-2026-56788","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rtklib:rtklib:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.3","matchCriteriaId":"C6DA91F0-A012-4CAC-8BA9-76C773EFB4E1"}]}]}],"references":[{"url":"https://github.com/tomojitakasu/RTKLIB/issues/797","source":"disclosure@vulncheck.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/rtklib-out-of-bounds-read-via-negative-array-index-in-getcodepri","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/tomojitakasu/RTKLIB/issues/797","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56789","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:45.477","lastModified":"2026-06-26T16:53:38.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"tomojitakasu","product":"RTKLIB","defaultStatus":"unaffected","repo":"https://github.com/tomojitakasu/RTKLIB","versions":[{"version":"0","lessThanOrEqual":"2.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T18:24:09.198915Z","id":"CVE-2026-56789","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rtklib:rtklib:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.3","matchCriteriaId":"C6DA91F0-A012-4CAC-8BA9-76C773EFB4E1"}]}]}],"references":[{"url":"https://github.com/tomojitakasu/RTKLIB/issues/796","source":"disclosure@vulncheck.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/rtklib-heap-buffer-overflow-and-stack-read-via-oversized-rinex-epoch-satellite-count","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56790","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T19:16:45.637","lastModified":"2026-06-26T18:17:03.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"canboat","product":"canboat","defaultStatus":"unaffected","repo":"https://github.com/canboat/canboat","versions":[{"version":"0","lessThanOrEqual":"6.22","versionType":"custom","status":"affected"},{"version":"a5a22b74b9ac5688019cba62669df08562cebd6f","versionType":"git","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T21:36:05.015469Z","id":"CVE-2026-56790","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"references":[{"url":"https://github.com/canboat/canboat/commit/a5a22b74b9ac5688019cba62669df08562cebd6f","source":"disclosure@vulncheck.com"},{"url":"https://github.com/canboat/canboat/issues/644","source":"disclosure@vulncheck.com"},{"url":"https://github.com/canboat/canboat/pull/649","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/canboat-off-by-one-global-buffer-overflow-in-searchforpgn","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-10097","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:09.160","lastModified":"2026-06-26T17:16:31.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security. An attacker able to submit chosen ciphertexts to a decapsulation oracle that uses a static ML-KEM-1024 key, and to observe whether the genuine shared secret or the implicit-rejection secret was produced, can use this as a plaintext-checking oracle to recover the private key. A proof of concept recovered a full ML-KEM-1024 private key with approximately 98% success using roughly 350 chosen ciphertexts. The flaw is a deterministic logic error and does not rely on timing measurements."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","modules":["ML-KEM (Kyber) AVX2 implementation"],"versions":[{"version":"5.7.0","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:51:27.508789Z","id":"CVE-2026-10097","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-697"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndExcluding":"5.9.2","matchCriteriaId":"4EE7497A-3B57-40FF-8586-AF32DC5AEA0C"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10430","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10512","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:09.513","lastModified":"2026-06-26T16:53:52.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the scalar multiplication and potentially a wrong shared secret. The final carry-propagation chains in the x64 and AVX2 reduction routines could overflow into the top bit, and the high limb was not masked afterward, so the 255-bit field element was left non-canonical."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.6.4","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:49:37.963089Z","id":"CVE-2026-10512","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-682"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.4","versionEndExcluding":"5.9.2","matchCriteriaId":"6FA537CB-BA44-4EA9-8968-54859414ACA7"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10536","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10592","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:09.650","lastModified":"2026-06-26T18:55:14.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"3.9.10","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:03:09.936384Z","id":"CVE-2026-10592","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.10","versionEndExcluding":"5.9.2","matchCriteriaId":"55DC4FAD-B809-4906-AD43-A3E1CE6D3FBB"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10549","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11310","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:09.777","lastModified":"2026-06-26T18:54:51.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verify_cert() with caller-supplied untrusted intermediate certificates; for those users it is critical, otherwise the library is unaffected. In particular, native wolfSSL TLS/DTLS usage is not impacted. wolfSSL's X509_verify_cert() temporarily loads each caller-supplied untrusted intermediate into the certificate manager but failed to drop them before the trusted-store check, so an untrusted intermediate could anchor the path itself. An attacker can present a chain that never reaches a configured trust anchor and have it accepted, resulting in acceptance of an attacker-controlled certificate. This is certificate verification independent of TLS (e.g. S/MIME/CMS, code/firmware signing, JWT/JWS x5c), is not specific to any key type or algorithm, and a single untrusted intermediate suffices. The default wolfSSL TLS handshake (WOLFSSL_VERIFY_PEER) is not affected; only TLS applications doing manual or deferred peer verification through this API are, which also requires --enable-sessioncerts."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.8.4","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:02:17.745614Z","id":"CVE-2026-11310","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.4","versionEndExcluding":"5.9.2","matchCriteriaId":"AF84F35E-F147-4E14-A18A-78A1FB159DCE"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10674","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12340","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:09.907","lastModified":"2026-06-26T18:54:32.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65 bytes results in an out-of-bounds heap read, leading to a potential crash (denial of service); there is no out-of-bounds write. Note this only affects builds with SM2 support (--enable-sm2 or --enable-all)."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.6.4","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:59:13.033180Z","id":"CVE-2026-12340","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.4","versionEndExcluding":"5.9.2","matchCriteriaId":"6FA537CB-BA44-4EA9-8968-54859414ACA7"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10641","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2299","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-06-25T20:17:10.763","lastModified":"2026-06-26T14:17:03.510","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership."}],"affected":[{"source":"responsibledisclosure@mattermost.com","affectedData":[{"vendor":"Mattermost","product":"Mattermost Google Drive Plugin","defaultStatus":"unaffected","repo":"https://github.com/mattermost/mattermost-plugin-google-drive","versions":[{"version":"0","lessThanOrEqual":"1.0.0","versionType":"semver","status":"affected"},{"version":"1.1.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:04:57.007408Z","id":"CVE-2026-2299","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/mattermost/mattermost-plugin-google-drive/releases/tag/v1.1.0","source":"responsibledisclosure@mattermost.com"}]}},{"cve":{"id":"CVE-2026-37149","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T20:17:11.473","lastModified":"2026-06-26T15:16:37.800","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:14:00.032982Z","id":"CVE-2026-37149","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/anirudhkannanvp/GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN-","source":"cve@mitre.org"},{"url":"https://github.com/pateldhyeyit/CVE-2026-37149","source":"cve@mitre.org"},{"url":"https://owasp.org/www-community/attacks/SQL_Injection","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-37453","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T20:17:11.603","lastModified":"2026-06-26T15:16:38.200","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:10:55.708355Z","id":"CVE-2026-37453","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://csr.msi.com/global/product-security-advisories","source":"cve@mitre.org"},{"url":"https://github.com/LittleSuRii/CVE-2026-MSIAPService","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-37454","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T20:17:11.720","lastModified":"2026-06-26T15:16:38.410","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:09:49.382409Z","id":"CVE-2026-37454","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://csr.msi.com/global/product-security-advisories","source":"cve@mitre.org"},{"url":"https://github.com/LittleSuRii/CVE-2026-MSIAPService","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-46601","sourceIdentifier":"security@golang.org","published":"2026-06-25T20:17:12.447","lastModified":"2026-06-26T17:16:33.543","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size."}],"affected":[{"source":"security@golang.org","affectedData":[{"vendor":"golang.org/x/image","product":"golang.org/x/image/webp","defaultStatus":"unaffected","collectionURL":"https://pkg.go.dev","packageName":"golang.org/x/image/webp","programRoutines":[{"name":"decode"},{"name":"Decode"},{"name":"DecodeConfig"}],"versions":[{"version":"0","lessThan":"0.43.0","versionType":"semver","status":"affected"}]},{"vendor":"golang.org/x/image","product":"golang.org/x/image/webp","defaultStatus":"unaffected","collectionURL":"https://pkg.go.dev","packageName":"golang.org/x/image/webp","versions":[{"version":"0","lessThan":"0.43.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T16:08:56.631719Z","id":"CVE-2026-46601","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://go.dev/cl/787681","source":"security@golang.org"},{"url":"https://go.dev/issue/79869","source":"security@golang.org"},{"url":"https://pkg.go.dev/vuln/GO-2026-5061","source":"security@golang.org"}]}},{"cve":{"id":"CVE-2026-46602","sourceIdentifier":"security@golang.org","published":"2026-06-25T20:17:12.553","lastModified":"2026-06-26T17:16:33.680","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption."}],"affected":[{"source":"security@golang.org","affectedData":[{"vendor":"golang.org/x/image","product":"golang.org/x/image/tiff","defaultStatus":"unaffected","collectionURL":"https://pkg.go.dev","packageName":"golang.org/x/image/tiff","programRoutines":[{"name":"Decode"}],"versions":[{"version":"0","lessThan":"0.43.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T16:05:58.046352Z","id":"CVE-2026-46602","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://go.dev/cl/788422","source":"security@golang.org"},{"url":"https://go.dev/issue/79905","source":"security@golang.org"},{"url":"https://pkg.go.dev/vuln/GO-2026-5062","source":"security@golang.org"}]}},{"cve":{"id":"CVE-2026-55958","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:16.140","lastModified":"2026-06-26T18:54:15.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SIZE) sets an error code but fails to return, so execution falls through to an XMEMCPY that writes past the end of the buffer once the accumulated TLS 1.3 handshake transcript exceeds MSGBAG_SIZE (8 KB), corrupting adjacent heap state and potentially causing a remote denial of service crash. The bag is sized to hold a normal handshake, so this is reached only by an unusually large but valid certificate chain, or by a malicious or man-in-the-middle server sending an oversized handshake message to a client that does not strictly verify the chain. This only affects builds using the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) as a TLS 1.3 client on Renesas MCUs with TSIP hardware enabled, and is rated High within those builds. All other configurations are unaffected."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.4.0","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:58:42.358851Z","id":"CVE-2026-55958","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-393"},{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndExcluding":"5.9.2","matchCriteriaId":"65CC291B-4DC8-438B-AE58-5D8384A91DC7"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10705","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55960","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:16.617","lastModified":"2026-06-26T18:54:02.313","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer. The check now defaults the expected type to X.509 (per RFC 7250/8446) when no type was negotiated, comparing against the received server certificate type on the client and the selected client certificate type on the server, and rejects any mismatch, including an un-negotiated raw public key, with UNSUPPORTED_CERTIFICATE. Only affects builds with Raw Public Key support (HAVE_RPK) enabled - disabled by default in a standalone build, but included in --enable-all."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.6.4","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:58:06.794685Z","id":"CVE-2026-55960","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.4","versionEndExcluding":"5.9.2","matchCriteriaId":"6FA537CB-BA44-4EA9-8968-54859414ACA7"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10702","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55964","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:16.817","lastModified":"2026-06-26T18:53:47.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) added while building a certificate path were previously exempted from this check, so an intermediate asserting CA:TRUE but lacking keyCertSign was accepted as a signing CA. The check now applies to chain-supplied temporary CAs as well; only operator-loaded root certificates (WOLFSSL_USER_CA) and self-signed roots remain exempt. Per RFC 5280 an absent Key Usage extension implies all usages, so the requirement is enforced only when the extension is actually present (extKeyUsageSet). Affects the OpenSSL-compatibility certificate-path-building path (X509_verify_cert / X509_STORE, OPENSSL_EXTRA/OPENSSL_ALL), where untrusted chain intermediates are added as temporary CAs; native (non-OpenSSL-compat) certificate verification does not create temporary CAs and is unaffected. Within those builds, the check applies unless ALLOW_INVALID_CERTSIGN is defined."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.7.4","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:56:12.832072Z","id":"CVE-2026-55964","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.4","versionEndExcluding":"5.9.2","matchCriteriaId":"B1EF9B6B-1F1B-485B-8B93-BC02295532E1"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10702","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7531","sourceIdentifier":"facts@wolfssl.com","published":"2026-06-25T20:17:17.763","lastModified":"2026-06-26T16:53:58.953","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory."}],"affected":[{"source":"facts@wolfssl.com","affectedData":[{"vendor":"wolfSSL","product":"wolfSSL","defaultStatus":"unaffected","collectionURL":"https://github.com/wolfSSL/wolfssl","versions":[{"version":"5.8.0","lessThanOrEqual":"5.9.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:17:06.406308Z","id":"CVE-2026-7531","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.0","versionEndExcluding":"5.9.2","matchCriteriaId":"C1DA8897-F4D6-4D39-9A93-38B0E8115653"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10327","source":"facts@wolfssl.com","tags":["Issue Tracking","Patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source":"facts@wolfssl.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12473","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T21:16:26.530","lastModified":"2026-06-26T20:21:24.967","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Open Health Imaging Foundation (OHIF)","product":"DICOM Web Viewer Framework","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"v3.12.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:05:47.331920Z","id":"CVE-2026-12473","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-176-02.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsma-26-176-02","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-37452","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T21:16:26.827","lastModified":"2026-06-26T20:24:04.107","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:08:47.834969Z","id":"CVE-2026-37452","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://csr.msi.com/global/product-security-advisories","source":"cve@mitre.org"},{"url":"https://github.com/LittleSuRii/CVE-2026-MSIAPService","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-38637","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T21:16:26.927","lastModified":"2026-06-26T20:25:42.033","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:07:37.937060Z","id":"CVE-2026-38637","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2026-38637","source":"cve@mitre.org"},{"url":"https://gitlab.redox-os.org/redox-os/relibc/-/issues/264","source":"cve@mitre.org"},{"url":"https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/987","source":"cve@mitre.org"},{"url":"https://gitlab.redox-os.org/redox-os/relibc/-/work_items/264","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-38640","sourceIdentifier":"cve@mitre.org","published":"2026-06-25T21:16:27.030","lastModified":"2026-06-26T20:25:42.033","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T14:06:28.124215Z","id":"CVE-2026-38640","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2026-38640","source":"cve@mitre.org"},{"url":"https://gitlab.redox-os.org/redox-os/relibc/-/issues/262","source":"cve@mitre.org"},{"url":"https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/986","source":"cve@mitre.org"},{"url":"https://gitlab.redox-os.org/redox-os/relibc/-/work_items/262","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-56445","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T21:16:27.550","lastModified":"2026-06-26T20:08:23.053","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"pydicom","product":"pynetdicom Library","defaultStatus":"unaffected","versions":[{"version":"1.0.0","lessThanOrEqual":"3.0.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:05:14.229106Z","id":"CVE-2026-56445","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-176-01.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/pydicom/pynetdicom","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-176-01","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2020-37256","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T22:16:58.003","lastModified":"2026-06-27T04:17:21.200","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Grav","product":"Grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.6.30","versionType":"semver","status":"affected"},{"version":"1.6.30","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-27T02:27:40.463020Z","id":"CVE-2020-37256","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.30","matchCriteriaId":"09303325-4190-488F-84A0-A27913339167"}]}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9","source":"disclosure@vulncheck.com","tags":["Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/grav-cross-site-scripting-in-admin-plugin-page-editor","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2021-47986","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T22:16:58.210","lastModified":"2026-06-26T16:19:06.243","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"parse-community","product":"parse-server","defaultStatus":"unaffected","packageURL":"pkg:npm/parse-server","versions":[{"version":"0","lessThan":"4.10.0","versionType":"semver","status":"affected"},{"version":"4.10.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T10:37:50.846778Z","id":"CVE-2021-47986","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-494"}]}],"references":[{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-593v-wcqx-hq2w","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/parse-server-unreviewed-code-execution-via-malicious-version-tags","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2021-47987","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T22:16:58.373","lastModified":"2026-06-26T20:22:16.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"parse-community","product":"parse-server","defaultStatus":"unaffected","packageURL":"pkg:npm/parse-server","versions":[{"version":"0","lessThan":"4.10.0","versionType":"semver","status":"affected"},{"version":"4.10.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T18:14:35.071501Z","id":"CVE-2021-47987","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-494"}]}],"references":[{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-593v-wcqx-hq2w","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/parse-server-arbitrary-code-execution-via-malicious-version-tags","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71340","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-25T22:16:59.647","lastModified":"2026-06-26T16:17:26.200","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"picklescan","product":"picklescan","defaultStatus":"unaffected","packageURL":"pkg:pypi/picklescan","versions":[{"version":"0","lessThanOrEqual":"0.0.26","versionType":"semver","status":"affected"},{"version":"0.0.30","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:40:42.281053Z","id":"CVE-2025-71340","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3gf5-cxq9-w223","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-idlelib-pyshell-modifiedinterpreter-runcode","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3gf5-cxq9-w223","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-13281","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-25T22:17:00.880","lastModified":"2026-06-27T05:16:41.757","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.201","lessThan":"149.0.7827.201","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T00:00:00+00:00","id":"CVE-2026-13281","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.200","matchCriteriaId":"2DB451A5-A085-4283-BB58-E57AC20534CC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01245939337.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/513138301","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13282","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-25T22:17:00.993","lastModified":"2026-06-26T15:41:46.263","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.201","lessThan":"149.0.7827.201","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T01:22:00.425177Z","id":"CVE-2026-13282","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.201","matchCriteriaId":"E267455D-DC08-474B-8BA6-9EA8E6AD15EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01245939337.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/517522620","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-13283","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-06-25T22:17:01.090","lastModified":"2026-06-27T05:16:41.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"}],"affected":[{"source":"chrome-cve-admin@google.com","affectedData":[{"vendor":"Google","product":"Chrome","versions":[{"version":"149.0.7827.201","lessThan":"149.0.7827.201","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T00:00:00+00:00","id":"CVE-2026-13283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"149.0.7827.201","matchCriteriaId":"E267455D-DC08-474B-8BA6-9EA8E6AD15EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01245939337.html","source":"chrome-cve-admin@google.com","tags":["Vendor Advisory"]},{"url":"https://issues.chromium.org/issues/522561151","source":"chrome-cve-admin@google.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-22879","sourceIdentifier":"talos-cna@cisco.com","published":"2026-06-25T22:17:01.193","lastModified":"2026-06-26T20:22:16.713","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability"}],"affected":[{"source":"talos-cna@cisco.com","affectedData":[{"vendor":"vtk","product":"vtk","defaultStatus":"unaffected","versions":[{"version":"9.5.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:35:46.846800Z","id":"CVE-2026-22879","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-129"}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2366","source":"talos-cna@cisco.com"},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2366","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-40702","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T22:17:01.483","lastModified":"2026-06-26T20:21:24.967","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"EVoke","product":"EVoke CSMS","defaultStatus":"unaffected","versions":[{"version":"All versions","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:21:51.132864Z","id":"CVE-2026-40702","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://evokesystems.com/contact-us/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-44622","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T22:17:01.687","lastModified":"2026-06-26T20:21:24.967","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Charging station authentication identifiers are publicly accessible via web-based mapping platforms."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"EVoke","product":"EVoke CSMS","defaultStatus":"unaffected","versions":[{"version":"All versions","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:04:34.334047Z","id":"CVE-2026-44622","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://evokesystems.com/contact-us/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-50176","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T22:17:01.873","lastModified":"2026-06-26T20:21:24.967","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"EVoke","product":"EVoke CSMS","defaultStatus":"unaffected","versions":[{"version":"All versions","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:54:25.318175Z","id":"CVE-2026-50176","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://evokesystems.com/contact-us/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-54479","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-25T22:17:02.063","lastModified":"2026-06-26T20:21:24.967","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"EVoke","product":"EVoke CSMS","defaultStatus":"unaffected","versions":[{"version":"All versions","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:53:49.810916Z","id":"CVE-2026-54479","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://evokesystems.com/contact-us/","source":"ics-cert@hq.dhs.gov"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-02.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-43920","sourceIdentifier":"security-advisories@github.com","published":"2026-06-26T00:16:52.817","lastModified":"2026-06-26T16:10:29.320","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configuration files, execute database schema changes, perform filesystem mutations, and clear caches. The /run-patcher endpoint executes privileged maintenance operations - configuration migrations, database patch execution (including ALTER TABLE, DROP TABLE, UPDATE statements), filesystem deletions and renames, and cache clearing - without requiring administrator authentication, CSRF validation, or CLI context. An unauthenticated remote attacker can trigger these operations by sending a simple HTTP GET request to /run-patcher, which can be abused for denial-of-service attacks. Certain patches (e.g., batch token regeneration for all admin and client accounts in patch 53, and session invalidation) are disruptive even when re-executed against an already-patched instance. Repeated or concurrent requests may also cause inconsistent database state. This issue has been fixed in version 0.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.5.4, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:40:02.131727Z","id":"CVE-2026-43920","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-prx6-m547-rfmg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-9219","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-26T00:16:55.213","lastModified":"2026-06-26T20:08:23.053","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily enroll watches belonging to other users."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Shenzhen i365-Tech Co. Ltd.","product":"Setracker2 Parental Control App (Android) package com.tgelec.setracker","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}],"ssvcV203":[{"source":"ics-cert@hq.dhs.gov","ssvcData":{"options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CNA","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T12:38:20.824039Z","id":"CVE-2026-9219","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-340"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/VA/white/2026/va-26-176-01.json","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-9220","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-26T00:16:55.367","lastModified":"2026-06-26T20:08:23.053","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Shenzhen i365-Tech Co. Ltd.","product":"Setracker2 Parental Control App (Android) package com.tgelec.setracker","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"ics-cert@hq.dhs.gov","ssvcData":{"options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CNA","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T12:36:44.287025Z","id":"CVE-2026-9220","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/VA/white/2026/va-26-176-01.json","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-9222","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-06-26T00:16:55.647","lastModified":"2026-06-26T20:08:23.053","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Shenzhen i365-Tech Co. Ltd.","product":"Setracker2 Parental Control App (Android) package com.tgelec.setracker","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"ics-cert@hq.dhs.gov","ssvcData":{"options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CNA","version":"2.0.3"}},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T12:30:48.939049Z","id":"CVE-2026-9222","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-836"}]}],"references":[{"url":"https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/VA/white/2026/va-26-176-01.json","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-13226","sourceIdentifier":"security@wordfence.com","published":"2026-06-26T02:16:51.877","lastModified":"2026-06-26T16:16:30.250","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler wp_ajax_groundhogg_get_contacts_table has its capability check commented out and performs no nonce verification, meaning any authenticated user regardless of role can reach the vulnerable code path."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"trainingbusinesspros","product":"Groundhogg — CRM, Newsletters, and Marketing Automation","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:12:00.529506Z","id":"CVE-2026-13226","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/admin/contacts/contacts-page.php#L766","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/admin/contacts/tables/contacts-table.php#L101","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/contact-query.php#L2586","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/functions.php#L679","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/legacy-contact-query.php#L1013","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/groundhogg/tags/4.5.4/includes/legacy-contact-query.php#L1017","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3585561%40groundhogg&new=3585561%40groundhogg&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ba40d9-2d37-453a-a731-078f1de1fc69?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-48615","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.273","lastModified":"2026-06-26T20:18:50.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.\r\n\r\nWhen proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:34:45.532887Z","id":"CVE-2026-48615","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-359"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48618","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.397","lastModified":"2026-06-26T20:18:43.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:10:27.583362Z","id":"CVE-2026-48618","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-176"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48619","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.507","lastModified":"2026-06-26T20:18:56.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:01:30.143238Z","id":"CVE-2026-48619","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48928","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.610","lastModified":"2026-06-26T20:19:06.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:36:17.302009Z","id":"CVE-2026-48928","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48930","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.723","lastModified":"2026-06-26T20:19:14.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T13:37:29.781800Z","id":"CVE-2026-48930","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-48935","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:53.050","lastModified":"2026-06-26T20:14:33.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:04:33.702023Z","id":"CVE-2026-48935","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]}]}}]}